Privacy Policy
At Mr Play, privacy matters for every session in Canada. This Privacy Policy outlines how we collect, use, disclose, and protect personal data under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial requirements.
Navigation
By accessing our services, you agree to the practices described here. If anything is unclear, you can withdraw consent by requesting account closure or by contacting us using the secure options available on our site.
What we collect and why
We collect specific information to operate your account, process payments, maintain accurate gameplay records, and meet legal obligations. This helps keep identity checks reliable, transactions traceable, and security controls effective.
- Personal details such as name, address, email, date of birth, phone number, and verification documents.
- Payment information including card details, e-wallet details, and transaction history tied to your account.
- Technical data such as IP address, device information, cookies, and browsing behaviour on our website.
- Gameplay data including games played, deposits, withdrawals, and promotions accessed.
How we use personal information
We use personal information to deliver services, protect accounts, and support compliance checks. We may also use technical and behavioural signals to improve usability and maintain consistent access patterns.
- Create and manage accounts, and process deposits and withdrawals securely.
- Verify identity, age, and eligibility for gaming participation.
- Personalize the onsite experience, including bonuses, promotions, and relevant alerts.
- Analyze site usage to improve services, products, and campaigns.
- Meet legal duties, including anti-money laundering requirements.
Disclosure and limited sharing
We do not sell, trade, or rent personal information. When sharing is necessary, we limit it to what is required for a defined purpose.
Information may be disclosed to payment processors, software and analytics providers, identity verification and fraud-prevention services, or legal authorities, and only for legitimate operational or legal reasons. Partners and processors operate under confidentiality commitments and privacy requirements, including GDPR-aligned controls where applicable.
International transfers and storage
Mr Play is headquartered in Canada, and some processors may store or process data outside the country, including within the EU. Where applicable, transfers follow contractual safeguards designed to provide protection equivalent to Canadian standards, including mechanisms such as Standard Contractual Clauses.
Some records may be stored in encrypted facilities in the European Economic Area, with access limited to authorized personnel operating under confidentiality agreements.
Security measures and incident response
We use layered controls to protect accounts, payments, and data access. These measures include encryption, access management, and monitoring intended to reduce unauthorized use.
- SSL encryption with 256-bit protocols for sensitive transmissions.
- Two-factor authentication and role-based staff access controls.
- Regular vulnerability scans and penetration testing.
- PCI DSS-compliant payment processing controls for card transaction handling.
If a security incident affects your personal data, we notify impacted users promptly and inform relevant authorities. Where required and applicable, notifications may be made within 72 hours of confirming unauthorized disclosure.
Account security tips
Good login practices reduce the risk of unauthorized access. Consider the following steps for added protection.
- Use a unique password that you do not reuse elsewhere.
- Change credentials every six months, or sooner if you notice unusual activity.
- Do not share login information with anyone.
- Enable multi-factor authentication when available in settings.
Cookies and tracking controls
Cookies, pixels, and similar tools support session continuity, site performance, and tailored content. Cookie preferences can be adjusted in your account settings, and ad tracking can be refused at any time.
Retention, access, and your rights
Data retention follows operational needs and legal or regulatory requirements in Canada. Account data is kept while your account is active, plus any required retention period.
Depending on the record type, retention can be up to 5 years after account closure or as required by law. Access logs may be retained for 1 year to support security review and investigation.
Under PIPEDA, you can access and review the personal data we hold, request corrections, object to certain processing, and request deletion of your account, subject to legal retention duties.
| Topic | What it means | Timing / standard |
|---|---|---|
| Minimum age access | Site not intended for individuals under 19 | Access prevention steps apply |
| Transport security | SSL protection for sensitive data transfers | 256-bit encryption |
| Session handling | Automatic logout after inactivity | 30 minutes |
| Correction requests | Updates to inaccurate information | Within 7 business days |
| Rights request timing | Acknowledgement and completion targets | 72 hours / 30 days |
| Account record retention | Stored only as long as necessary | Up to 5 years after closure |
| Access logs | Kept to support investigation of unauthorized actions | 1 year |
| Sharing approach | Minimum necessary disclosure; no sale or rental | Consent or legal duty |
Getting in touch
A Data Protection Officer oversees privacy questions and requests. You can contact us through the encrypted contact forms available within your account area.