Privacy Policy

This privacy policy explains how northern-lights-casino, operating exclusively through northernlights-ca.com, collects, uses, protects, and discloses your personal information. It applies to all players and visitors using our website and services. The effective date of this policy is November 6, 2025.

Who We Are

OBSERVE: The operator of northern-lights-casino is the Saskatchewan Indian Gaming Authority (SIGA), under the regulatory oversight of Lotteries and Gaming Saskatchewan (LGS).
EXPAND: Although full corporate registration details are not specified, SIGA's principal office and legal correspondence addresses are provided, along with key contact methods.
REFLECT: All inquiries or data protection requests should be directed to our Data Protection Officer (DPO) as follows:

• Operator: Saskatchewan Indian Gaming Authority (SIGA)
• Registered Address (Headquarters): 44 Marquis Rd W, Prince Albert, SK S6V 7Y8, Canada
• SIGA Corporate Office: 103 Packham Ave, Saskatoon, SK S7N 4K4, Canada
• Data Protection Officer (DPO) Contact: info@northernlights-ca.com | 306-477-7777
• Support Email: support@northernlights-ca.com
• Online Contact Form: https://siga.ca/contact-us
• Regulator: Lotteries and Gaming Saskatchewan (LGS), jurisdiction: Saskatchewan, Canada

What Personal Data We Collect

OBSERVE: We collect several categories of personal and technical data to provide and improve our casino services.
EXPAND: This includes both directly provided information and data automatically collected during your interactions.
REFLECT: The following data categories are collected:

• Personal Identification Data: Full name, date of birth, residential address, email address, phone number, and government-issued identification for verification purposes.
• Contact Data: Email address, phone numbers, and any information supplied via our contact forms.
• Account and Behavioral Data: Username, account preferences, betting history, transaction records, site usage patterns, clickstream data, and responsible gambling activity.
• Technical Data: IP address, browser type and version, device identifiers, operating system, log files, access times, and geolocation information.
• Payment Data: Bank account details, credit/debit card information, e-wallet details, transaction records, and payout information.
• Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party cookies, web beacons, pixels, and similar technologies (see section on Cookies below).

We do not intentionally collect data from individuals under the legal gambling age in Saskatchewan (19+). Attempts to access our services by such individuals are actively prevented and monitored.

Legal Basis for Processing

OBSERVE: Processing of personal data is governed by applicable Canadian privacy legislation, industry standards, and regulatory obligations.
EXPAND: The main legal bases for collecting and processing your data are outlined below.
REFLECT: These include:

1. User Consent: We process your data based on explicit consent for certain activities, such as marketing communications and cookies. Consent is always revocable via your account settings or by contacting our DPO.
2. Performance of Contract: Data processing is necessary to establish, manage, and fulfill our contractual obligations to you as a registered player, including account management, processing deposits/withdrawals, and delivering gaming services.
3. Legal Obligations: We are required to collect and process certain personal data to comply with statutory obligations, including Know Your Customer (KYC), Anti-Money Laundering (AML), fraud prevention, and reporting to regulatory authorities in Saskatchewan and Canada.
4. Legitimate Interests: Processing may be necessary for our legitimate business interests, including the enhancement of service quality, security, analytics, and responsible gambling initiatives. These interests never override your fundamental rights and freedoms.

Regional Compliance Note: Data processing is performed in line with the Personal Information Protection and Electronic Documents Act (PIPEDA), Saskatchewan privacy regulations, and industry best practices.

Purpose of Processing

OBSERVE: We process your personal data solely for specified, explicit, and legitimate purposes.
EXPAND: All processing activities are limited to what is necessary for northern-lights-casino's operations via northernlights-ca.com.
REFLECT: Key data uses include:

• Providing Services: Enabling account creation, management, and access to casino games and features.
• Transaction Management: Processing deposits, withdrawals, payouts, and managing account balances securely.
• Regulatory Compliance: Conducting KYC/AML checks, monitoring for fraud, and fulfilling legal reporting duties.
• Service Improvement: Analyzing usage patterns and feedback to enhance platform functionality, security, and user experience.
• Marketing and Promotions: Sending promotional offers, newsletters, and updates (only with your prior consent, which can be withdrawn at any time).
• Analytics and Research: Conducting statistical analysis to optimize our services and ensure responsible gambling measures are effective.
• Security: Protecting user accounts, preventing unauthorized access, and ensuring system integrity.

Disclosure & Sharing

OBSERVE: northern-lights-casino only discloses personal data where necessary and legally justified.
EXPAND: All third parties are subject to strict confidentiality and data protection requirements.
REFLECT: Data may be shared with:

• Payment Partners: Financial institutions and payment processors for transaction facilitation, subject to contractual data protection obligations.
• Service Providers: IT suppliers, analytics providers, cloud hosting partners, and customer support services, strictly for service delivery and only under robust data security agreements.
• Regulatory Authorities: Lotteries and Gaming Saskatchewan (LGS) and other competent authorities for compliance and reporting purposes.
• Affiliates: With trusted marketing partners and affiliates, only with your explicit consent.
• Advertising Networks: Third-party advertising or analytics networks, solely where required and with your consent for personalized marketing.
• Legal Obligations: Where required by law, to comply with court orders, regulatory investigations, or law enforcement requests.

We do not sell or rent your personal data to any third party for commercial purposes.

International Transfers

OBSERVE: While northern-lights-casino primarily operates within Saskatchewan, Canada, some data may be transferred to service providers located outside Canada.
EXPAND: Any transfer is conducted in strict accordance with Canadian privacy laws and international data protection standards.
REFLECT:

• Transfer Destinations: Data may be stored or processed in countries such as the United States or EU Member States, depending on the external service provider.
• Protection Mechanisms: All transfers are governed by robust data protection safeguards, including:
  • Standard Contractual Clauses (SCCs) approved under Canadian law
  • Binding corporate rules and contractual obligations ensuring data subject rights
  • Regular audits and compliance monitoring of service providers
• User Rights: You retain all rights and protections regarding your personal data, regardless of transfer location.

Regional Compliance Note: International data transfers are compliant with PIPEDA and applicable CA regulations as of 2025.

Data Retention

OBSERVE: Data is retained only for the period necessary to fulfill the purposes outlined in this policy.
EXPAND: Specific retention periods are determined by regulatory, legal, and operational requirements.
REFLECT:

• Personal Account Data: Retained for the duration of your account's active status and for no more than five (5) years following account closure, in accordance with regulatory retention mandates.
• Transaction and Financial Data: Retained for seven (7) years to comply with tax, audit, and anti-money laundering obligations.
• Behavioral and Analytical Data: Retained for up to three (3) years, or as long as necessary for service improvement, security, and analytics.
• Cookies and Tracking Data: Retention periods vary by cookie type (see Cookies section). Session cookies are deleted upon browser closure; persistent cookies may remain for up to two (2) years.
• Deletion Criteria: Data is securely deleted or anonymized upon user request, expiration of retention period, or when no longer necessary for processing purposes.

All data deletion processes comply with industry-standard secure erasure protocols as of 2025.

Your Rights

OBSERVE: northern-lights-casino upholds all data subject rights in accordance with Canadian and applicable international data protection laws.
EXPAND: While GDPR and certain Mexican privacy law principles are not directly binding on Canadian entities, we voluntarily align with international best practices where feasible.
REFLECT:

1. Right of Access: You may request confirmation of whether we process your data and obtain a copy of your personal information held by us.
2. Right to Rectification: You may request correction of inaccurate or incomplete personal data.
3. Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data in cases where processing is no longer necessary, or consent is withdrawn (subject to retention obligations).
4. Right to Restrict Processing: You may request that processing of your data be restricted under certain circumstances (e.g., contesting data accuracy).
5. Right to Object: You may object to processing for marketing or analytical purposes at any time.
6. Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
7. Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time via your account or by contacting our DPO.
8. Complaint Rights: You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the relevant provincial authority.
9. Procedures: To exercise any of these rights, contact our DPO at info@northernlights-ca.com or use our online form. We will respond within thirty (30) days, free of charge except where requests are manifestly unfounded or excessive.

Regional Compliance Note: Our privacy practices are aligned with PIPEDA, the Saskatchewan Freedom of Information and Protection of Privacy Act (FOIP), and internationally recognized standards (as of 2025).

Cookies & Tracking Technologies

OBSERVE: northern-lights-casino uses cookies and similar technologies to enhance your experience on northernlights-ca.com.
EXPAND: We classify cookies as follows:

• Session Cookies: Temporary cookies required for basic site functionality, deleted when your browser is closed.
• Persistent Cookies: Remain on your device for a defined period to remember preferences and facilitate faster login.
• Third-Party Cookies: Set by external partners for analytics, advertising, or security purposes.

Purpose of Cookies:

• Functional: Necessary for site operation and user authentication.
• Analytics: Help us understand usage patterns and improve our services.
• Advertising: Enable tailored promotions and marketing communications (only with your consent).

Managing Cookies: You can manage or disable cookies through your browser settings at any time. For detailed instructions, refer to your browser's help documentation. Some features may not function if cookies are disabled. Additionally, you can manage consent for optional cookies via your account dashboard or our internal privacy panel.

Data Security

OBSERVE: We implement comprehensive technical and organizational measures to safeguard your personal data.
EXPAND: Security measures are regularly reviewed and updated in line with international standards.
REFLECT:

• Encryption: All data in transit is protected using TLS 1.2+ protocols. Sensitive data at rest is encrypted using industry-standard algorithms.
• Access Controls: Strict authentication procedures, including multi-factor authentication for staff and system access, role-based permissions, and regular access reviews.
• Security Audits: Regular penetration testing, vulnerability assessments, and independent security audits are conducted to ensure ongoing protection.
• Staff Training: All employees receive regular training in data privacy, information security, and incident response procedures.
• Incident Response: We have robust incident detection, notification, and remediation procedures in place, including immediate user notification in case of a data breach, as required by law.
• Compliance: Our security framework aligns with ISO 27001 and SOC 2 standards where applicable.

Data security is an ongoing commitment, and we continuously update our practices to address new threats as of 2025.

Complaints & Contacts

OBSERVE: We provide multiple channels for privacy-related complaints and inquiries.
EXPAND: Our DPO, support team, and regulatory contacts are available for escalation.
REFLECT:

• Primary Contact (DPO): Maya Tremblay, Data Protection Officer
  info@northernlights-ca.com
  306-477-7777
• Support Email: support@northernlights-ca.com
• Contact Form: https://siga.ca/contact-us
• Postal Correspondence: 44 Marquis Rd W, Prince Albert, SK S6V 7Y8, Canada

Complaint Procedure

1. Step 1: Submit your complaint or inquiry using any of the above contact methods, clearly outlining your concern.
2. Step 2: Our DPO will acknowledge receipt within five (5) business days, investigate the matter, and provide a substantive response within thirty (30) days of receipt.
3. Step 3: If unsatisfied, you may escalate to the Office of the Privacy Commissioner of Canada or the Saskatchewan Information and Privacy Commissioner.

• Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/en/contact-the-opc/ | Phone: 1-800-282-1376
• Saskatchewan OIPC: https://oipc.sk.ca/contact/ | Phone: 1-306-787-8350

Complaints are handled free of charge. If you require additional support, the Saskatchewan Problem Gambling Helpline is available at 1-800-306-6789.

Updates

OBSERVE: Our privacy policy may be updated to reflect changes in legal requirements, business practices, or technology.
EXPAND: Material changes will be communicated proactively.
REFLECT:

• Notification Methods: We will notify you of significant updates via email, prominent website banners, and in your account dashboard.
• Advance Notice: For material changes, we will provide at least thirty (30) days' advance notice before the new policy becomes effective, allowing you to review and, if desired, object or close your account.
• Version Control: The current version of this policy is identified below. A changelog of material amendments will be maintained for your review.

Last updated: November 6, 2025

• Changelog:
  • 2025-11-06: Comprehensive update for alignment with new CA regulatory requirements and international standards; enhanced user rights and security measures.

To remain informed, please review this privacy policy regularly.