burger icon
MrGreen Casino Canada
Log In

Privacy Policy

This Privacy Policy explains how mrgreen-casino-canada collects, uses, discloses, and safeguards personal information for players and visitors of https://mrgreen-ca.com (the "Site"). It applies to account holders, prospective players, affiliates, and all Site visitors located in Canada and, where relevant, in other jurisdictions. Effective date: January 15, 2025. OBSERVE: We identify applicable Canadian privacy laws and industry standards. EXPAND: We address cross-border processing and gambling-specific obligations (KYC/AML, risk). REFLECT: We present clear, legally accurate information with user-friendly procedures.

Who We Are

Controller/Operator: mrgreen-casino-canada is operated for Canadian users via https://mrgreen-ca.com by Mr Green Limited, a company within the Evoke plc group and licensed by the Malta Gaming Authority (MGA) under license number MGA/CRP/121/2006. Registered jurisdiction: Malta. Parent company: Evoke plc.

  • Registered name: Mr Green Limited (Malta)
  • Regulatory licensing (selected): Malta Gaming Authority (MGA/CRP/121/2006); other market licenses as applicable outside Canada
  • Website in scope: https://mrgreen-ca.com (Note: https://www.mrgreen.com/ca/ is a regional/legacy site and may be subject to separate terms where stated.)

Data Protection Contact (DPO/Data Protection Office): Email: [email protected]. Postal: Data Protection Office, Mr Green Limited, Malta (please include your account ID and jurisdiction). We will update this section if our corporate or contact details change. OBSERVE: You need a clear contact channel. EXPAND: One inbox for access/erasure/complaints. REFLECT: Use the above email or postal address for all privacy requests.

What Personal Data We Collect

  • Identity and contact: Full name, date of birth, address, email, phone, government-issued ID/KYC documents, selfies/biometrics (where permitted and only for KYC/age/anti-fraud), account username.
  • Account and behavioral: Account settings, login history, betting/playing history, session duration, clicks, navigation, responsible gambling settings (limits, self-exclusion), chat/communications with support.
  • Financial and transactional: Payment method details (tokenized where possible), deposits/withdrawals, currency, bonuses, chargeback flags, tax/withholding data where required.
  • Technical: IP address, device identifiers, OS/browser, language, time zone, device telemetry, crash logs, geolocation signals (precision only where required for compliance/fraud and with consent where required).
  • Cookies and similar tech: Cookies, SDKs, pixels, tags, web beacons; see Cookies section.
  • Third-party data: KYC/AML screening results, sanctions/PEP checks, adverse media, payment provider verifications, affiliate attribution data.

OBSERVE: Gambling compliance requires identity, transactional, and device data. EXPAND: We minimize and tokenize when feasible. REFLECT: We collect only what is necessary for legal, security, and service purposes.

Legal Basis for Processing

  • Consent (PIPEDA/GDPR where applicable): Email/SMS marketing; certain cookies/analytics; precise geolocation; optional surveys. You may withdraw consent at any time.
  • Contractual necessity: Create and administer your account, process payments and withdrawals, provide games, customer support, and resolve service issues.
  • Legitimate interests (GDPR) / Appropriate purposes (PIPEDA): Fraud prevention, network and information security, service analytics, service improvement, enforcing terms, defending legal claims. We balance these against your rights.
  • Legal obligations: KYC/AML/CTF screening, age verification, responsible gambling measures, sanctions screening, accounting/audit, record retention, responding to lawful requests.

OBSERVE: Canadian law emphasizes consent and appropriate purposes; EU/UK frameworks add explicit legal bases. EXPAND: We tailor the basis to each activity. REFLECT: Where consent is withdrawn, we stop related processing unless another lawful ground applies.

Purpose of Processing

  • Service delivery: Account creation, access, gameplay, payments, customer support, responsible gambling tools.
  • Compliance: KYC/AML checks, age verification, sanctions screening, audit and tax records.
  • Security/fraud: Detect, investigate, and prevent fraud, abuse, botting, collusion, and security incidents.
  • Analytics and improvement: Performance monitoring, feature usage, A/B testing, crash diagnostics, content optimization.
  • Marketing (with consent): Offers, bonuses, newsletters, personalized recommendations, affiliate attribution and reporting.
  • Disputes and enforcement: Handling chargebacks, complaints, regulatory inquiries, and legal claims.

OBSERVE: Purposes align to service, safety, and law. EXPAND: We avoid incompatible secondary uses. REFLECT: New purposes will be notified and, where required, consent obtained.

Disclosure & Sharing

  • Payment partners: Banks, card schemes, payment processors, and anti-fraud vendors to process transactions and prevent abuse.
  • Verification/KYC providers: Identity validation, sanctions/PEP screening, address and age verification, document authentication.
  • Technology/service providers: Hosting, security, email/SMS delivery, analytics, customer support tools, content providers, game studios.
  • Affiliates and group companies: For consolidated reporting, compliance operations, and support; marketing only with your consent.
  • Regulators and law enforcement: Where legally required (e.g., AML/CTF, court orders) or to protect rights, safety, and integrity of the platform.
  • Advertising networks (with consent): Ad tech partners for measurement and personalized marketing; cookie controls apply.
  • Business transactions: In a merger, acquisition, or corporate reorganization, subject to safeguards and continued protections.

OBSERVE: Disclosures are functionally necessary or legally mandated. EXPAND: Contracts bind processors to confidentiality and security. REFLECT: We do not sell personal information.

International Transfers

Your information may be processed in Malta, the EU/EEA, the United Kingdom, the United States, Canada, and other locations where our service providers operate.

  • From Canada: We use contractual, organizational, and technical safeguards to ensure comparable protection. You may contact us to learn about offshore processing locations.
  • From the EEA: We rely on European Commission Standard Contractual Clauses (SCCs) and supplementary measures.
  • From the UK: We use the UK IDTA/Addendum with SCCs where appropriate.
  • To US vendors: We use SCCs and, where relevant to EEA-origin data, partners certified under the EU-U.S. Data Privacy Framework.

OBSERVE: Cross-border processing is inherent to global gaming operations. EXPAND: We implement layered safeguards and conduct transfer risk assessments where required. REFLECT: We will provide copy-of-clauses information upon request, subject to redactions.

Data Retention

  • Account and identity data: For the life of the account and 5 years after closure, or longer where necessary for legal claims or regulatory obligations.
  • KYC/AML documentation: 5 years after account closure or last transaction, unless law requires a longer period.
  • Transactions and financial records: 7 years for accounting/audit and fraud prevention.
  • Behavioral and logs (security/operations): 12-24 months, unless needed for investigation or legal defense.
  • Marketing data: Until you opt out or after 24 months of inactivity, whichever occurs first.
  • Cookies: Session cookies (end of session); persistent cookies typically 6-24 months (see Cookies section).
  • Complaints/disputes: Case file retention 2-7 years depending on matter.

Deletion occurs upon expiry of retention periods, successful erasure requests, or when purposes end, subject to legal holds. OBSERVE: Gambling and AML rules require minimum retention. EXPAND: We segregate and minimize data. REFLECT: We apply secure deletion and backup purging protocols.

Your Rights

  • Canada (PIPEDA and applicable provincial laws): Access your data; request corrections; withdraw marketing consent; challenge compliance; learn about cross-border processing. We respond within 30 days, free of charge (reasonable fees may apply for unusual requests as allowed by law).
  • EU/UK (GDPR/UK GDPR, if applicable): Rights of access, rectification, erasure, restriction, objection (including to profiling/marketing), data portability, and withdrawal of consent; lodge a complaint with a supervisory authority.
  • Mexico (where applicable): ARCO rights (Access, Rectification, Cancellation, Opposition) under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

How to exercise your rights

  1. Submit request: Email [email protected] from your registered email or write to our postal address. Specify the right you wish to exercise and include your account ID and jurisdiction.
  2. Verify identity: We may request additional information to confirm your identity.
  3. Response timeline: We aim to respond within 30 days. If we need more time, we will notify you with reasons and a new date.
  4. Outcomes: If we cannot fulfill a request (e.g., due to legal obligations or others' rights), we will explain the reasons and your options to escalate.

OBSERVE: Rights vary by jurisdiction. EXPAND: We provide a single channel and clear verification steps. REFLECT: We do not discriminate for exercising privacy rights.

Cookies & Tracking Technologies

Types and purposes

  • Strictly necessary (session/persistent): Core functionality, security, login, load balancing.
  • Functional (persistent): Preferences, language, remembering settings.
  • Analytics (first/third-party): Usage metrics, performance, diagnostics, A/B testing.
  • Advertising/marketing (third-party): Measurement, frequency capping, personalization (only with consent).

Controls

  • Browser settings: Block or delete cookies. Blocking may impact functionality.
  • Site controls: Our cookie banner/preferences center lets you manage non-essential cookies.
  • Do Not Track: We currently do not respond to DNT signals; use our preference tools instead.

OBSERVE: Cookies support performance and compliance. EXPAND: We default to minimal non-essential tracking. REFLECT: Consent choices can be changed at any time.

Data Security

  • Encryption: TLS 1.2+ for data in transit; strong encryption (e.g., AES-256) at rest for sensitive fields.
  • Access controls: Role-based access, MFA, least-privilege, segregation of duties, just-in-time access for production systems.
  • Monitoring and testing: Vulnerability management, regular penetration testing, code reviews, logging and anomaly detection.
  • Organizational measures: Security and privacy training, background checks where lawful, vendor due diligence, incident response plan, data protection impact assessments where required.
  • Standards: Our security program aligns with recognized frameworks (e.g., ISO/IEC 27001). Selected vendors maintain SOC 2 or equivalent certifications.
  • Breach response: If a breach poses a real risk of significant harm to Canadians, we notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible and keep records for 24 months. For GDPR-covered data, we notify supervisory authorities within 72 hours where required.

OBSERVE: Gaming data is sensitive and targeted. EXPAND: We combine technical, organizational, and contractual safeguards. REFLECT: We regularly assess and enhance our controls.

Complaints & Contacts

Contact us first

  • Email (preferred): [email protected]
  • Postal: Data Protection Office, Mr Green Limited, Malta (include your account ID and jurisdiction)
  • Website: https://mrgreen-ca.com (for general information)

Our complaint process

  1. Submission: Send your concern with details and any supporting evidence.
  2. Acknowledgment: We acknowledge within 5 business days.
  3. Investigation: We investigate and respond with findings and actions within 30 days. If we need more time, we will tell you why and when to expect an outcome.
  4. Escalation: If unresolved, you may escalate to the appropriate authority below.

Supervisory authorities

  • Canada (Federal): Office of the Privacy Commissioner of Canada (OPC) - priv.gc.ca; 1-800-282-1376
  • Quebec: Commission d'accès à l'information (CAI) - www.cai.gouv.qc.ca
  • British Columbia: Office of the Information and Privacy Commissioner - www.oipc.bc.ca
  • Alberta: Office of the Information and Privacy Commissioner - www.oipc.ab.ca
  • Mexico (if applicable): INAI - www.inai.org.mx
  • EU/EEA (if applicable): Contact your local authority; list at edpb.europa.eu

OBSERVE: A clear escalation path protects your rights. EXPAND: We provide federal and provincial contacts. REFLECT: We welcome resolution directly but support regulatory recourse.

Updates

  • Notice methods: We will post updates on this page, and for material changes we will notify via email, account alerts, or website banners.
  • Advance notice: For significant changes affecting how we use or share your data, we provide at least 30 days' notice where feasible. Continued use after the effective date constitutes acceptance; you may object or close your account before changes take effect.
  • Version control: Last updated: January 2025. We maintain a change log of material updates upon request.

OBSERVE: Policy changes can affect consent and rights. EXPAND: We provide clear, advance communication. REFLECT: We will seek renewed consent where required by law.