burger icon
All Slots Casino Review Canada
Sign Up

Privacy Policy

This Privacy Policy explains how All Slots Casino ("we", "us", "our") collects, uses, discloses, retains, and protects personal information when you visit allslots-play.ca (the "Website") and when you interact with our content, tools, and communications. A privacy policy is required to ensure transparency, support informed choices, and comply with applicable Canadian privacy requirements and generally accepted industry standards for online gambling-related content services.

This Privacy Policy applies to Website visitors, players/readers who use our review and informational services, and individuals who contact us. Effective date: 6 November 2026.

Who We Are

OBSERVE: The Website allslots-play.ca publishes content under the brand context of All Slots Casino and the casino name reference All Slots Casino. The provided regulatory context distinguishes Ontario (official site: https://allslots.ca) from the rest of Canada (official site: https://allslotscasino.com) and references the Malta Gaming Authority (https://mga.org.mt) and iGaming Ontario (https://igamingontario.ca) as sources for licensing and market oversight information.

EXPAND: A compliant privacy page must clearly identify (a) the Website operator that controls visitor data for allslots-play.ca, and (b) the separate casino operators that may control player data when users leave the Website to register or play on third-party casino domains. Because the provided dataset does not specify the Website operator's legal entity, registration number, or a DPO email/phone, we must (i) avoid inventing missing corporate details, (ii) provide an accurate, actionable contact pathway, and (iii) clearly separate Website processing from third-party casino processing.

REFLECT: For transparency and legal defensibility, the Website operator details are presented as "to be confirmed" where not provided, while the explicitly provided casino-operator details are included strictly as third-party context (not as the Website operator). If you require the Website operator's corporate identity and DPO contacts to appear here, you must provide them so they can be published accurately.

  • Website operator (data controller for allslots-play.ca): Legal name, legal address, and registration details are not specified in the provided data. Until confirmed, we act as the contact point for privacy requests via the channels below.
  • Privacy contact (DPO / Data Protection Department): Email address and phone number are not specified in the provided data. You may submit requests via our Website channel: https://allslots-play.ca (use the site's feedback/contact functionality if available).
  • Third-party casino operator context (not the Website operator): The dataset states that Digimedia Ltd, 9 Empire Stadium Street, Gzira, GZR 1300, Malta, is associated with the rest-of-Canada casino operation, and that Ontario operation is associated with Cadtree Limited under AGCO / iGaming Ontario framework (no address or license number provided in the dataset).
  • Regulatory references (informational): Malta Gaming Authority: https://mga.org.mt; iGaming Ontario: https://igamingontario.ca.

What Personal Data We Collect

OBSERVE: The Website operates as a review/content service in Canada and may use common web technologies (logs, analytics, cookies). The dataset does not provide an explicit list of data fields collected, so categories must be defined comprehensively and transparently without overstating what is collected.

EXPAND: Privacy compliance in Canada generally requires identifying categories of personal information, explaining collection methods (direct vs automatic), and clarifying whether sensitive data is collected. Online gambling-adjacent contexts also require careful disclosure about behavioral data and marketing tracking, and a clear distinction between Website data and third-party casino account data.

REFLECT: We describe category-based collection for allslots-play.ca, and we clarify that if you click out to third-party casino domains (e.g., https://allslots.ca for Ontario; https://allslotscasino.com for other provinces), those third parties collect and control your registration and payment data under their own privacy policies.

  • Identity & contact data (provided by you): Such as full name, email address, phone number, and any information you include in messages or support requests submitted through the Website (where available).
  • Technical & usage data (collected automatically): Such as IP address, approximate location derived from IP, device identifiers, browser type/version, operating system, referrer URLs, pages viewed, timestamps, clickstream, and error logs.
  • Preference data: Such as language, consent status, communication preferences, and saved settings (where implemented).
  • Marketing and advertising data: Such as campaign identifiers, ad interaction data, and attribution signals, collected via cookies or similar technologies where consent is required and provided.
  • Behavioral data (on-site): Such as how you navigate our reviews, what links you click, and engagement with page elements; we do not require betting history to provide Website content, but third-party casinos may collect gambling activity data once you leave our Website.
  • Payment data: The Website does not require payment card details for typical browsing; if any paid features are introduced, payment processing (if any) would be handled by payment partners and limited to what is necessary for the transaction, with clear notice at the point of collection.
  • Cookies and similar technologies: Session cookies, persistent cookies, third-party cookies, pixels, SDKs (where applicable) and similar tracking tools as described in the Cookies section.

Legal Basis for Processing

OBSERVE: The processing purposes include providing Website services, analytics, marketing (where applicable), and security. Canada's privacy framework is primarily consent-based, with additional allowances for contractual necessity, legitimate business interests, and legal compliance. The section request also includes common bases like consent, contract, legitimate interests, and legal obligation (KYC/AML) which may apply more strongly to casino operators than to a review site.

EXPAND: To remain accurate, we must map legal bases to the Website's actual activities and separate them from the casino operators' obligations (KYC/AML). We also need to address consent for cookies/marketing, and lawful/security grounds for fraud prevention and maintaining the site.

REFLECT: We rely on consent where required (notably marketing cookies and communications), performance of a contract where you request services (e.g., handling inquiries), legitimate interests for security/analytics with appropriate safeguards, and compliance with legal obligations where applicable. For KYC/AML and gambling account operations, the relevant legal basis is typically held by the third-party casino operators you choose to use.

  • Consent: For optional cookies (analytics/advertising where required), marketing communications (where used), and certain preference settings. You may withdraw consent at any time as described in "Your Rights".
  • Contract / requested services: To respond to inquiries, provide requested information, and administer any user-facing features you choose to use on allslots-play.ca (e.g., subscriptions or account-like functions if introduced).
  • Legitimate interests: To operate and secure the Website, prevent misuse, maintain performance, measure content effectiveness, and improve user experience - balanced against your privacy rights and using minimization and access controls.
  • Legal obligations: To comply with applicable Canadian laws and respond to lawful requests from competent authorities where required. Note: KYC/AML obligations generally apply to gambling operators; when you register or deposit on third-party casino domains, those operators determine and communicate their own legal bases.

Purpose of Processing

OBSERVE: The required purposes include service provision, improvement, marketing, analytics, and fraud prevention.

EXPAND: Purpose limitation requires a clear list that is specific enough to be meaningful, including communications and compliance/security purposes. Gambling-adjacent websites also often need to mention geo/region routing (Ontario vs rest of Canada) and link-out behavior tracking.

REFLECT: We present a purpose list tailored to allslots-play.ca operations while clarifying that third-party casino services are separate.

  • Provide the Website and content: Display reviews, comparisons, informational pages, and region-relevant guidance (e.g., Ontario vs rest-of-Canada official domains referenced in our content).
  • Operate and improve: Monitor performance, diagnose issues, improve layout/content quality, and maintain accessibility and usability.
  • Analytics and measurement: Understand how visitors use the Website, measure engagement, and improve our editorial and technical decisions (subject to cookie choices where applicable).
  • Marketing communications: Send newsletters or updates where you have opted in (if such features are offered), and manage opt-out/withdrawal requests.
  • Security and fraud prevention: Protect the Website, detect malicious activity, prevent abuse, and maintain system integrity.
  • Compliance and record-keeping: Maintain records needed to demonstrate compliance and respond to legal requests where required.

Disclosure & Sharing

OBSERVE: The section requires disclosures to payment partners, service providers, regulators, affiliates, and advertising networks (with consent).

EXPAND: A compliant disclosure section should identify recipient categories, typical reasons, and controls (contracts, limited access). It must also highlight third-party controllers (casino operators) when users click external links and leave the Website.

REFLECT: We limit sharing to what is necessary, apply confidentiality and security expectations to vendors, and require consent where advertising cookies/partners are involved. We also clarify that third-party casino domains operate under their own policies.

  • Service providers (processors): Hosting/CDN, analytics providers, security monitoring, email delivery (if used), and other vendors that support Website operations under contractual confidentiality and purpose limitations.
  • Payment partners: If paid features are introduced, payment processing may be performed by payment processors; we would receive limited confirmation data (e.g., transaction status) rather than full card details, where feasible.
  • Advertising networks and measurement partners: Shared via cookies/pixels/IDs only where required consents are obtained and consistent with your cookie choices.
  • Affiliates and tracking: We may use affiliate link tracking to measure referrals and performance; this may involve unique link identifiers and related attribution signals subject to your cookie settings and applicable law.
  • Regulators and authorities: Disclosure where required by law, court order, or valid legal process, or where necessary to protect rights, safety, and security.
  • Third-party casino operators (separate controllers): When you follow links to external casino domains (including https://allslots.ca for Ontario and https://allslotscasino.com for other Canadian provinces as referenced in our content), those operators collect and use personal information under their own privacy terms; we do not control their processing.

International Transfers

OBSERVE: The dataset references Malta (Digimedia Ltd address) and international regulators (MGA). Website vendors may also process data outside Canada.

EXPAND: Canadian privacy compliance requires transparency about cross-border transfers and the possibility that foreign laws may apply. The prompt mentions "Privacy Shield," which is not broadly relied upon in modern compliance; a safer approach is to describe contractual safeguards, vendor diligence, and risk-based controls, without asserting a specific mechanism unless confirmed.

REFLECT: We explain that data may be processed in Canada and other jurisdictions (including potentially the United States and the EEA/UK depending on vendors), and we commit to safeguards such as contractual clauses, security measures, and transfer risk assessments. We avoid claiming certification frameworks not confirmed.

  • Where transfers may occur: Personal information may be stored or processed in Canada and in other countries where we or our service providers operate (commonly including the United States and, depending on vendors, EEA/UK locations). Third-party casino operators referenced in our content may process data in Malta or other jurisdictions under their own policies.
  • What this means: When information is processed outside your province/territory or outside Canada, it may be subject to the laws of the jurisdiction where it is processed and may be accessible to law enforcement or national security authorities in that jurisdiction.
  • Safeguards: We use contractual protections with service providers, limit access on a need-to-know basis, apply encryption and security controls, and perform vendor due diligence appropriate to the sensitivity of the information.
  • Transfer mechanisms: Where applicable, we may rely on contractual clauses and other recognized safeguards consistent with industry practice. We do not represent participation in any specific cross-border framework unless explicitly stated at the time of transfer.

Data Retention

OBSERVE: The prompt requires retention periods by category (example: no more than 5 years after account closure) plus deletion criteria. The Website may not maintain user "accounts," but may keep inquiry records, logs, consent records, and analytics.

EXPAND: Retention must be tied to purpose and legal needs, with longer retention for security logs and compliance evidence, shorter for raw analytics where possible. The "extend to 2026" instruction is addressed by using relative timelines and referencing the policy effective year (2026).

REFLECT: We provide category-based retention timelines suitable for a Canadian review site. Where a category does not apply (e.g., account closure), we adapt it to "end of relationship" or "last interaction," while preserving the requested "up to 5 years" example as a ceiling for certain records.

Data category Typical retention period Deletion/closure criteria
Inquiry and support communications Up to 24 months after the last interaction Deleted or anonymized when no longer needed to respond, resolve issues, or document outcomes
Technical logs and security records Typically 6 - 18 months (longer if needed for incident investigation) Rotated/deleted when operational and security purposes expire, unless preservation is required for legal reasons
Cookie preferences and consent records Up to 5 years from the time recorded (or shorter if required) Deleted or refreshed when consent is withdrawn, expires, or is no longer necessary to demonstrate compliance
Analytics data Typically 14 - 26 months (aggregated/anonymized where possible) Deleted, de-identified, or aggregated when measurement purposes are met
Marketing subscription data (if used) Until you unsubscribe, then up to 24 months to maintain suppression lists Removed from active lists on opt-out; minimal data retained to respect your opt-out
Payment/transaction records (if applicable) Up to 5 years after the end of the relevant relationship Deleted or minimized when no longer needed for accounting, dispute handling, or legal compliance

Regional Compliance Note (Canada): We retain personal information only as long as necessary for identified purposes and legal requirements, then securely delete, anonymize, or de-identify it.

Your Rights

OBSERVE: The prompt requests "detailed GDPR and Mexican privacy law alignment," including specific rights, procedures, 30-day response time, and free-of-charge guarantees, with references to Mexican regulations where relevant. The page must remain CA-adapted and accurate.

EXPAND: In Canada, individuals generally have rights to access and correct personal information, and to withdraw consent (subject to legal/contractual restrictions). GDPR-style rights (erasure, portability, restriction, objection) may apply when EU/EEA individuals are involved or where a controller voluntarily aligns practices. Mexican privacy law (LFPDPPP) provides ARCO rights (Acceso, Rectificacion, Cancelacion, Oposicion). To be legally defensible, we must (i) state what we will honor for all users as a best-practice standard, (ii) clarify jurisdictional applicability, and (iii) provide clear procedures and timelines.

REFLECT: We provide a unified rights process for all users of allslots-play.ca, with a 30-day target response time, identity verification, and no-fee baseline (fees only where permitted and reasonable). We explicitly reference Mexican ARCO rights under Ley Federal de Proteccion de Datos Personales en Posesion de los Particulares and the GDPR as alignment frameworks, while grounding the policy in Canadian expectations for consent, access, and correction.

  • Right to access: You may request confirmation of whether we hold personal information about you and receive a copy, subject to limited exceptions permitted by law (e.g., security, privilege, or information about other individuals).
  • Right to correction (rectification): You may request correction of inaccurate or incomplete personal information.
  • Right to deletion/cancellation: You may request deletion (GDPR-style "erasure") or cancellation (Mexico "Cancelacion") where information is no longer necessary, consent is withdrawn, or processing is not justified, subject to lawful retention needs (e.g., security logs, compliance evidence).
  • Right to object/opposition: You may object to certain processing (e.g., direct marketing). Under Mexico's LFPDPPP, this aligns with the ARCO right of Oposicion. We will stop or limit processing unless we have compelling grounds or legal requirements.
  • Right to restrict processing: You may request that we temporarily suspend or limit processing in specific circumstances (e.g., while a correction request is assessed).
  • Right to data portability (where applicable): Where we process data by automated means based on consent or contract and portability is technically feasible, you may request a structured, commonly used, machine-readable copy.
  • Right to withdraw consent: You can withdraw consent for optional cookies or marketing at any time. Withdrawal does not affect processing that occurred before withdrawal.

How To Exercise Your Rights

  1. Submit a request: Use https://allslots-play.ca to contact us (via any available feedback/contact pathway). If a specific email address is later published, you may use it for faster handling.
  2. Describe your request clearly: Include the right you want to exercise (access, correction, deletion/cancellation, restriction, objection, portability) and sufficient details to locate your information (e.g., the email used to contact us, approximate dates, device/browser details if relevant to cookies).
  3. Verify identity: We may request reasonable verification to protect you from unauthorized access or deletion (for example, confirming control of an email address or requesting additional details).
  4. Response timeframe: We aim to respond within 30 days. If we need more time due to complexity or volume, we will inform you of the reason and the expected new timeframe.
  5. Fees: Requests are handled free of charge in the ordinary course. If a request is excessive, repetitive, or manifestly unfounded, we may charge a reasonable fee or refuse the request where permitted by applicable law, with an explanation.

Jurisdiction note: This Website is targeted to Canada. We align our rights handling with recognized global standards (including GDPR concepts) and Mexico's ARCO rights under the LFPDPPP where relevant to the requester; however, the specific rights and exemptions that apply depend on your location and the nature of the processing.

Cookies & Tracking Technologies

OBSERVE: The prompt requires cookie types (session, persistent, third-party), purposes (functional, analytics, advertising), and management methods (browser settings, internal panel).

EXPAND: We must explain what each class does, how consent is handled, and how users can manage cookies across devices. If no internal cookie panel exists, we must not claim it does; we can offer browser controls and note that a preference tool may be provided.

REFLECT: We describe cookie categories, give user controls, and link controls to marketing consent and analytics. We avoid naming specific vendors not provided in the data.

  • Session cookies: Temporary cookies that expire when you close your browser; used for essential site functions and navigation.
  • Persistent cookies: Stored for a set period; used to remember preferences (e.g., language) and support measurement over time.
  • Third-party cookies: Set by third parties (e.g., analytics or advertising partners) to measure performance or support advertising functionality, where permitted.

Cookie Purposes

  • Strictly necessary / functional: Enable core Website operation, security, and basic preferences.
  • Analytics: Help us understand usage patterns and improve the Website (often involves aggregated reporting and measurement identifiers).
  • Advertising / marketing: Support ad delivery, frequency capping, attribution, and personalized marketing where allowed and where you consent.

How To Manage Cookies

  • Browser settings: You can block or delete cookies using your browser controls. Note that blocking strictly necessary cookies may affect site functionality.
  • Device controls: Mobile operating systems may provide controls for ad tracking and identifiers (availability depends on device and OS version).
  • On-site controls: Where implemented, you may be able to adjust cookie preferences via a consent banner or settings interface on allslots-play.ca.

Data Security

OBSERVE: The prompt requires comprehensive measures: TLS 1.2+, encryption at rest/in transit, MFA, access controls, audits, training, incident response, and mention of ISO 27001 / SOC 2 where applicable.

EXPAND: We must describe a security program without making unverifiable certification claims. We can state "aligned with" or "based on" recognized standards where appropriate, and emphasize layered controls, vendor management, and breach response.

REFLECT: We present a defense-in-depth approach suitable for a content website that still may process identifiers and contact messages, highlighting encryption, access controls, monitoring, and incident handling.

  • Encryption in transit: We use industry-standard transport security, including TLS 1.2+, to help protect data transmitted between your device and our Website.
  • Encryption at rest (where applicable): Sensitive data stored in our systems or vendor systems is protected using encryption at rest where appropriate to the risk profile and technical architecture.
  • Access controls: Role-based access, least-privilege principles, strong authentication, and multi-factor authentication (MFA) for administrative access where supported.
  • Operational security: Logging and monitoring, vulnerability management, patching practices, and periodic reviews of configurations and permissions.
  • Audits and assurance: We may rely on vendor security attestations and audits (for example, controls aligned with ISO 27001 or SOC 2) where applicable; we do not claim a specific certification unless explicitly stated by the relevant provider.
  • Staff training and governance: Personnel with access to personal information receive security and privacy awareness training appropriate to their role.
  • Incident response: We maintain procedures to investigate, contain, remediate, and document security incidents, and to provide notifications where required by applicable law and risk assessment.

No method of transmission or storage is completely secure. We take reasonable and appropriate measures to reduce risk, but we cannot guarantee absolute security.

Complaints & Contacts

OBSERVE: The prompt requires complaint channels (DPO email/phone, forms, postal address), step-by-step complaint procedure with response times, and escalation to supervisory authorities including Mexico and EU, with direct contact info. The dataset lacks a DPO email/phone and lacks a postal address for the Website operator, but provides a Malta address for Digimedia Ltd (third-party casino context) and regulator URLs.

EXPAND: We must not fabricate contact details. We can provide (i) a Website contact pathway, (ii) an escalation path to Canadian privacy authorities (highly relevant for CA), and (iii) the requested Mexico and EU references with direct official portal links (not invented phone numbers). We also need to clarify that gambling regulators (MGA, AGCO/iGO) are not generally privacy supervisory authorities, but may be relevant for gambling complaints.

REFLECT: We provide a structured complaint process, target response times, and escalation links to: Canada's Office of the Privacy Commissioner (OPC) and relevant provincial authorities, Mexico's INAI for ARCO/LFPDPPP matters, and EU supervisory authorities directory for GDPR-related issues, while inviting users to contact us first for faster resolution.

How To Contact Us

  • Online contact: Use https://allslots-play.ca (site feedback/contact functionality where available).
  • DPO / privacy email and phone: Not specified in the provided data. If/when dedicated details are published, we will list them here and in the Website footer.
  • Postal address: Not specified for the Website operator in the provided data.

Complaint Procedure

  1. Step 1 - Submit your complaint: Provide a description of the issue, relevant dates, and what outcome you are seeking (access, correction, deletion, cookie concerns, marketing opt-out, etc.).
  2. Step 2 - Identity and context check: We may request information to verify identity and to locate records (especially for deletion/access requests).
  3. Step 3 - Initial response: We aim to acknowledge receipt within 7 days and provide a substantive response within 30 days.
  4. Step 4 - Resolution actions: Where appropriate, we will correct records, delete/minimize information, adjust consent settings, or explain why we cannot take a requested action (including any lawful exceptions).
  5. Step 5 - Escalation: If you are not satisfied, you may escalate to the relevant supervisory authority depending on your location.

Escalation To Supervisory Authorities

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/en/ (complaints and guidance).
  • Canada (provincial, where applicable): Provincial privacy regulators may apply depending on your province/territory and the nature of the organization (for example, Alberta and British Columbia have provincial privacy commissioners for private sector matters).
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Informacion y Proteccion de Datos Personales (INAI) - https://home.inai.org.mx/ (ARCO rights and LFPDPPP-related complaints).
  • European Union/EEA: If GDPR applies to your situation, you may contact your local supervisory authority; directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Regulatory note (gambling vs privacy): Gambling regulators referenced in our content (e.g., Malta Gaming Authority at https://mga.org.mt and iGaming Ontario at https://igamingontario.ca) are primarily responsible for gaming oversight. Privacy complaints are typically handled by privacy/data protection authorities listed above.

Updates

OBSERVE: The prompt requires notification methods (email, banners, dashboard alerts), version control with "Last updated: " and a changelog of material changes, 30-day advance notice for significant changes, and user options to object or close accounts. The Website may not have accounts/dashboards; we must conditionally describe these mechanisms.

EXPAND: A defensible updates section specifies when changes take effect, what counts as "material," how users will be notified, and what choices users have (stop using the site, change cookie settings, withdraw consent, unsubscribe). We must align dates/timeframes to 2026.

REFLECT: We provide a clear version stamp, commit to at least 30 days' notice for material changes where feasible, and describe practical user choices on a content website.

Last updated: November 2026

How We Notify You

  • Website banner or notice: We may post a prominent notice on allslots-play.ca for material changes.
  • Email notification: If you have provided an email address for subscriptions or requests (and where legally permitted), we may notify you about material updates.
  • Account/dashboard alerts: If we introduce user accounts or a dashboard in the future, we may provide in-product alerts there. If no such feature exists, this method does not apply.

Advance Notice and Your Options

  • Material changes: For significant changes that affect how we collect, use, or share personal information, we will aim to provide at least 30 days' advance notice before the change takes effect, where feasible.
  • Your choices: You may object by adjusting cookie preferences, withdrawing consent for marketing, or discontinuing use of the Website. If accounts are introduced, you may also choose to close your account and request deletion, subject to retention rules.

Changelog (Material Changes)

  • November 2026: Policy issued/updated for 2026 alignment; clarified Ontario vs rest-of-Canada outbound domain references; expanded rights, retention, international transfers, and complaint escalation pathways.