burger icon
Grey Rock Casino
Log In

Privacy Policy

This privacy policy explains how personal data is collected, processed, and protected on greyrock777.com. It applies to all users of the online casino platform, including players and website visitors. The policy is effective as of November 6, 2025, and is designed to ensure transparency, legal compliance, and the safeguarding of your rights as required under Canadian law and applicable international standards.

Who We Are

OBSERVE: The operator of greyrock777.com is grey-rock-casino, managed under the legal entity Madawaska Maliseet First Nation Inc. The registered headquarters is located at 100 Chief Joanna Blvd, Saint-Basile, NB E7C 0C1, Canada.
EXPAND: For all matters relating to data protection, the Data Protection Officer (DPO) or designated privacy contact can be reached using the following information:

  • Legal Name: Madawaska Maliseet First Nation Inc. (operating as grey-rock-casino on greyrock777.com)
  • Legal Address: 100 Chief Joanna Blvd, Saint-Basile, NB E7C 0C1, Canada
  • Contact Email: info@greyrock777.com (general); support@greyrock777.com (support)
  • Contact Phone: +1 506-735-2820
  • Contact Forms: Contact Page, Live Chat
  • Authoritative Contact: Taylor McLeod (responsible privacy contact)

REFLECT: These contact details should be used for all privacy-related inquiries, including data access and complaints.

What Personal Data We Collect

OBSERVE: greyrock777.com collects a range of information to provide and improve its services, and to comply with legal obligations.

  • Personal Identification Data: Full name, date of birth, address, email, phone number, identification documents (as required for verification and compliance).
  • Technical Data: IP address, device type, browser type, operating system, device identifiers, and server logs.
  • Payment and Financial Data: Credit/debit card information, bank account details, transactional history, withdrawal and deposit records.
  • Behavioral Data: Betting activity, gameplay statistics, login times, interaction logs, navigation paths, click data.
  • Cookies and Similar Technologies: Session cookies, persistent cookies, third-party analytics and advertising cookies, device fingerprinting technologies.

EXPAND: Some data may be collected automatically, while other categories are provided directly by users during registration or transactions.
REFLECT: All data collection is strictly limited to what is required for service provision, legal compliance, and platform security.

Legal Basis for Processing

OBSERVE: greyrock777.com processes personal data in accordance with the legal requirements of Canada (including PIPEDA), and applies international best practices where relevant.

  1. User Consent: Data is processed based on the user's explicit consent for purposes such as marketing communications, analytics, and use of certain cookies.
  2. Contract Fulfillment: Data is necessary for the execution of a contract (e.g., account creation, processing payments, enabling gameplay, fulfilling withdrawal requests).
  3. Legitimate Interests: Data is processed to ensure platform security, prevent fraud, and conduct analytics to improve service quality, provided these interests do not override user rights.
  4. Legal Obligations: Processing is required to comply with applicable laws and regulations, including Know Your Customer (KYC), Anti-Money Laundering (AML) checks, and record-keeping for regulatory reporting.

EXPAND: Where processing is based on consent, users may withdraw consent at any time without affecting the lawfulness of prior processing.
REFLECT: All processing activities are documented and reviewed regularly to ensure ongoing compliance.

Purpose of Processing

OBSERVE: Personal data is processed on greyrock777.com only for legitimate, specified purposes.

  • Service Provision: Creating and managing user accounts, processing transactions, providing customer support, and facilitating gameplay.
  • Service Improvement: Monitoring system performance, troubleshooting, and enhancing user experience through platform analytics.
  • Marketing and Communication: Sending promotional offers, service updates, and information (subject to user consent).
  • Analytics: Aggregating behavioral and technical data to analyze usage patterns and improve platform functionality.
  • Fraud Prevention and Security: Detecting unauthorized activity, verifying identities, and enforcing platform policies.

EXPAND: Data processing is limited to these purposes and is not extended beyond what is necessary.
REFLECT: All purposes are reviewed periodically to ensure relevance and compliance.

Disclosure & Sharing

OBSERVE: greyrock777.com may disclose personal data to third parties only as permitted or required by law and with appropriate safeguards.

  • Payment Partners: Banks, payment processors, and financial institutions for transaction processing and fraud prevention.
  • Service Providers: IT support, analytics, cloud hosting, and customer service vendors, under strict contractual and confidentiality obligations.
  • Regulatory Authorities: New Brunswick Lotteries and Gaming Corporation (NBLGC) and other relevant Canadian authorities for legal compliance, audits, and regulatory reporting.
  • Affiliates and Advertising Networks: Data may be shared for marketing purposes only with user consent and subject to applicable privacy laws.
  • Legal and Professional Advisors: Where necessary for the establishment, exercise, or defense of legal claims.

EXPAND: All third-party recipients are required to implement adequate data protection measures. Data will not be sold or rented to unauthorized parties.
REFLECT: Any disclosures are logged and subject to internal review to maintain accountability and transparency.

International Transfers

OBSERVE: greyrock777.com is based in Canada, but certain service providers or systems may operate in other jurisdictions.

  • Countries/Regions: Personal data may be transferred outside of Canada, including to the United States or European Economic Area (EEA), for purposes such as cloud hosting, technical support, or analytics.
  • Protection Measures: All international data transfers are governed by legally recognized safeguards, including Standard Contractual Clauses (SCCs), data processing agreements, and, where applicable, adherence to international frameworks (e.g., Privacy Shield for US-based transfers, where still recognized).

EXPAND: Transfers are only made when necessary and with appropriate contractual and technical protections in place.
REFLECT: Users may contact the DPO for details regarding specific transfer mechanisms and recipient countries.

Data Retention

OBSERVE: greyrock777.com retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • Account Data: Retained for the duration of the user relationship and up to 5 years after account closure, in line with KYC/AML regulations.
  • Transaction Records: Maintained for at least 5 years post-transaction for regulatory and auditing purposes.
  • Marketing Data: Retained until the user withdraws consent or unsubscribes from communications.
  • Technical Logs: Stored for up to 12 months for security and operational purposes, unless required longer for investigations.

EXPAND: Data may be deleted earlier upon user request, subject to legal obligations.
REFLECT: Secure deletion protocols are applied to all data no longer required, and retention periods are reviewed annually.

Your Rights

OBSERVE: Users benefit from comprehensive privacy rights under Canadian law (PIPEDA) and, where applicable, international standards such as GDPR.

  1. Right of Access: Users may request confirmation of whether their personal data is processed and obtain a copy of such data.
  2. Right to Rectification: Users can request correction of inaccurate or incomplete personal data.
  3. Right to Erasure: Users may request deletion of their personal data when it is no longer necessary or if consent is withdrawn, subject to legal retention obligations.
  4. Right to Restrict Processing: Users may request the restriction of processing under specific circumstances (e.g., contesting data accuracy).
  5. Right to Object: Users have the right to object to processing for direct marketing or based on legitimate interests.
  6. Right to Data Portability: Users may receive their personal data in a structured, commonly used format and transmit it to another controller where technically feasible.
  7. Withdrawal of Consent: Users can withdraw previously granted consent for marketing or non-essential processing at any time.

EXPAND: To exercise these rights, users should contact the DPO at info@greyrock777.com or via the contact form. All requests are processed free of charge within 30 days.
REFLECT: For unresolved concerns, users may escalate complaints to the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/.
Regional Compliance Note: In the absence of direct Mexican or EU applicability, rights are aligned with PIPEDA and international best practices to ensure robust data protection.

Cookies & Tracking Technologies

OBSERVE: greyrock777.com uses cookies and similar technologies to enhance functionality, analyze usage, and support advertising (with user consent).

  • Session Cookies: Temporary cookies that enable essential site functionality during your visit.
  • Persistent Cookies: Remain on your device to remember preferences and login information for future sessions.
  • Third-Party Cookies: Used for analytics (e.g., Google Analytics), advertising networks, and social media integration.

EXPAND: Cookies are categorized by purpose - functional (site operation), analytics (usage statistics), and advertising (personalized marketing, where permitted).
REFLECT: Users can manage cookie preferences via browser settings or, where available, the internal cookie management panel. Detailed information is provided in the Cookie Policy.

Data Security

OBSERVE: greyrock777.com employs robust security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

  • Encryption: TLS 1.2+ is implemented for all data transmissions; sensitive data is encrypted at rest using industry-standard algorithms.
  • Access Control: Multi-factor authentication, role-based access, and strict internal permissions ensure only authorized personnel can access personal data.
  • Security Audits: Regular internal and external audits are conducted to assess vulnerabilities and ensure compliance with ISO 27001 and SOC 2 standards, where applicable.
  • Staff Training: All employees undergo mandatory data protection and security awareness training.
  • Incident Response: Comprehensive procedures are in place for timely detection, reporting, and management of security incidents, including user notification protocols in the event of a data breach.

EXPAND: Security controls are regularly reviewed and updated in line with technological developments and emerging threats.
REFLECT: Users are encouraged to use strong passwords and report any suspicious activity immediately.

Complaints & Contacts

OBSERVE: greyrock777.com is committed to transparent and efficient complaint resolution regarding data privacy.

  1. Contact Channels: Submit complaints via email (info@greyrock777.com), support email (support@greyrock777.com), contact form (here), or phone (+1 506-735-2820).
  2. Procedure: Upon receiving a complaint, the DPO or designated privacy contact (Taylor McLeod) will acknowledge receipt within 5 business days and provide a substantive response within 30 days.
  3. Escalation: If your concern is not resolved, you may contact the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/, or by mail at 30 Victoria Street, Gatineau, Quebec, K1A 1H3, Canada.

EXPAND: All complaints are handled confidentially and impartially.
REFLECT: Users are encouraged to provide as much detail as possible for efficient resolution.

Updates

OBSERVE: This privacy policy is subject to periodic updates to reflect changes in law, technology, or business practices.

  • Notification Procedures: Users will be notified of significant updates via email, website banner notifications, and dashboard alerts where applicable.
  • Version Control: The current version is marked "Last updated: November 6, 2025." A changelog of material changes will be made available on the privacy policy page.
  • Advance Notice: For material changes, at least 30 days' advance notice will be provided before implementation. Users may object to changes or close their accounts if they do not agree with revised terms.

EXPAND: All previous versions of the privacy policy are archived for reference.
REFLECT: Users are encouraged to review the privacy policy regularly to stay informed of any updates.