burger icon
Golden Tiger Review Canada
Sign Up

Privacy Policy

Effective date: 1 January 2026

This Privacy Policy explains how Golden Tiger, available at https://goldentiger-bet.ca (the "Site"), collects, uses, discloses, and protects personal information. It applies to visitors of the Site, players who follow our links to the Golden Tiger online casino, and any individual who contacts us or interacts with our services. By visiting or using the Site, you acknowledge that your personal information will be processed in accordance with this Privacy Policy and applicable Canadian privacy laws, as well as, where relevant, privacy laws of other jurisdictions (such as the EU/EEA and Mexico). If you do not agree with this Privacy Policy, please do not use the Site.

Who We Are

Controller / Operator

The Site provides information and review content about the Golden Tiger online casino for Canadian users (excluding Ontario). The underlying casino brand "Golden Tiger" is operated under the authority of the Kahnawake Gaming Commission.

  • Trading name: Golden Tiger (online casino brand)
  • Site name: Golden Tiger at goldentiger-bet.ca
  • Casino main site: https://goldentigercasino.com
  • Operating company: Fresh Horizons Ltd (a limited company registered in the British Virgin Islands)
  • Regulatory authorization: Client Provider Authorization issued by the Kahnawake Gaming Commission (KGC), Mohawk Territory of Kahnawake, Canada, verified as active in the KGC Permit Holders Registry as of 22 May 2024.

Fresh Horizons Ltd is the primary entity responsible for operating the Golden Tiger casino and, together with its affiliates and service providers, acts as data controller for player account information and related processing activities. The Site may also act as a marketing and review platform for the Golden Tiger brand, in which case personal information collected through goldentiger-bet.ca is controlled by Fresh Horizons Ltd and/or its designated group entities.

Registered / legal address

Fresh Horizons Ltd is registered in the British Virgin Islands. A full registered office address and company registration number are not specified in the data provided to us and may change over time. Where required by law, we will provide up-to-date corporate identification details upon written request to our Data Protection Officer ("DPO").

Regulatory notes

  • The Golden Tiger casino operates under Kahnawake Gaming Commission oversight. Information about the Commission and its regulations is available at https://gamingcommission.ca/regulations.htm.
  • Golden Tiger does not appear on the iGaming Ontario list of regulated operators. Ontario residents should not access real-money services via Golden Tiger and may instead be redirected to other Casino Rewards brands licensed in Ontario.

Data Protection Officer / Privacy Contact

We have designated a contact point for privacy and data protection matters:

  • Data Protection Officer (DPO): Data Protection Officer, Fresh Horizons Ltd
  • E-mail: [email protected]
  • Website contact form (gambling disputes via ADR): eCOGRA online dispute form at https://ecogra.org/ata/policies_procedures.php (primarily for gambling-related disputes; privacy-specific concerns should be sent to the DPO e-mail)
  • Postal contact: Data Protection Officer, Fresh Horizons Ltd, British Virgin Islands (full mailing details available on request)

What Personal Data We Collect

We collect only the personal information that is reasonably necessary for the purposes described in this Privacy Policy, in accordance with Canadian privacy law and other applicable regulations.

Identification and contact details

  • Basic identification data: first and last name, date of birth, country of residence, preferred language.
  • Contact data: e-mail address, telephone number, postal address (where provided), account username, and, if applicable, social media identifiers used to contact our support team.

Verification (KYC/AML) data

  • Identity verification data: copies or details of government-issued identification documents (e.g., passport, ID card, driver's licence), proof of address (e.g., utility bill, bank statement), and any additional documentation we may require under anti-money laundering ("AML"), counter-terrorist financing ("CTF"), and "know your customer" ("KYC") obligations.
  • Source of funds / source of wealth information: information necessary to meet regulatory requirements or group risk policies, such as occupation, employer, income range, or bank statements, where requested.

Technical and device information

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, device settings, language and time zone.
  • Usage and log data: pages viewed, links clicked, time and date of visits, referring URLs, session duration, error logs, and interaction data with customer support.

Gaming, transactional and behavioural data

  • Account and game activity: registration details, login history, games played, stakes, wins and losses, bonus use, loyalty points, and any self-exclusion or responsible-gambling limitations you set.
  • Payment and financial data: deposit and withdrawal records, payment method type (e.g., card type, e-wallet provider), partial card details (masked), transaction identifiers, currency, and amounts. Sensitive payment data (such as full card numbers) are typically processed by certified payment service providers on our behalf and are not stored in full by us.
  • Behavioural and preference data: interaction patterns with our Site and the Golden Tiger casino, marketing preferences, responses to surveys, participation in promotions, and communications with our customer service or VIP teams.

Cookies and similar technologies

  • Cookies: small text files stored on your device, including session cookies (which expire when you close your browser) and persistent cookies (which remain for a set period or until deleted).
  • Other identifiers: web beacons, pixels, tags, SDKs, and similar technologies used to measure ad performance, prevent fraud, and understand usage patterns.
  • Third-party tools: analytics tools and advertising networks may collect pseudonymous identifiers and usage data when you visit the Site or follow our links, subject to your consent where required.

Information from third parties

  • Affiliates and partners: we may receive information from marketing partners, payment providers, verification services, and responsible-gambling organisations where needed to provide our services or to resolve complaints.
  • Regulators and ADR bodies: in the context of investigations or complaint handling, we may receive information from bodies such as the Kahnawake Gaming Commission or eCOGRA.

Legal Basis for Processing

We process personal information in line with applicable Canadian law (including the Personal Information Protection and Electronic Documents Act - "PIPEDA" - and substantially similar provincial laws), and, where relevant, with the EU General Data Protection Regulation ("GDPR") and Mexican privacy law.

Consent

  • Canadian law (PIPEDA and similar): we rely on your express or implied consent to collect, use, and disclose personal information for clearly identified purposes, such as creating an account, sending marketing communications, or storing non-essential cookies.
  • GDPR / EU residents: for individuals in the EEA/UK, we rely on consent to send direct electronic marketing and to place non-essential cookies or similar technologies.
  • Mexican law: under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), we rely on your consent and on the privacy notice we provide to process your personal data, except where consent is not required by law.

Contractual necessity

  • To take steps at your request prior to entering into a contract and to perform our contract with you, including:
    • creating and maintaining your player account;
    • processing deposits, wagers, and withdrawals;
    • providing customer support and dispute resolution; and
    • providing services and features described on the Site.

Legitimate interests / reasonable purposes

  • We process personal information for our legitimate interests (GDPR) or reasonable purposes (Canadian law), provided that such processing is proportionate and respects your rights, including:
    • preventing, detecting, and investigating fraud, abuse of bonuses, and other unlawful or improper activity;
    • ensuring network and information security;
    • improving our Site, services, and user experience;
    • personalising content and offers; and
    • maintaining internal records, analytics, and reporting.

Compliance with legal and regulatory obligations

  • We are required to process certain personal information to:
    • comply with KYC/AML/CTF obligations under Kahnawake Gaming Commission regulations and other applicable laws;
    • cooperate with gambling regulators and law enforcement authorities;
    • comply with tax, accounting, and record-keeping requirements; and
    • meet data breach notification and record-keeping duties under PIPEDA, Quebec law, GDPR (for EU residents), and Mexican law where applicable.

Purpose of Processing

Provision of services and account management

  • Operating the Site and casino services: to provide you with information about Golden Tiger, allow you to register or log in to your casino account, and facilitate deposits, gameplay, and withdrawals through goldentigercasino.com and related platforms.
  • Customer support: to respond to queries, complaints, and technical issues, verify your identity when you contact us, and record communications for quality and training purposes.

Regulatory compliance and risk management

  • KYC/AML/CTF compliance: to verify your identity, age, location, and eligibility to use the services; perform ongoing monitoring; and meet legal obligations imposed by the Kahnawake Gaming Commission and other authorities.
  • Responsible gambling and player protection: to apply self-exclusion and deposit limits, monitor for signs of problematic gambling, and comply with our regulatory and social responsibility obligations.
  • Fraud and security: to detect and prevent fraud, misuse of promotions, money laundering, terrorism financing, and security breaches, and to protect your account.

Service improvement and analytics

  • Analytics and performance: to analyse how visitors and players use the Site and casino services, understand trends, perform statistical analysis, and improve our content, user interface, and product offering.
  • Testing and optimisation: to test new features, run A/B experiments, and ensure that our systems function effectively across devices and browsers.

Marketing and personalisation

  • Direct marketing: to send you promotional e-mails, SMS, in-app messages, or other communications about bonuses, offers, tournaments, and news from Golden Tiger or related brands, where permitted by law and your preferences.
  • Personalised content: to tailor offers, recommendations, and bonuses based on your account profile, activity, and preferences.
  • Advertising and affiliates: to measure the effectiveness of our marketing campaigns and affiliate partnerships, including through cookies and pseudonymous identifiers (subject to your consent where required).

Legal claims and business operations

  • Record-keeping and audits: to maintain internal records, support financial audits, and demonstrate compliance to regulators and certification bodies such as eCOGRA.
  • Dispute resolution and enforcement: to manage and resolve disputes (including via eCOGRA), enforce our terms and conditions, and protect our rights, property, and users.

Disclosure & Sharing

We do not sell your personal information in the ordinary sense of the term. However, we may disclose personal information to the following categories of recipients, strictly on a need-to-know basis and subject to appropriate safeguards:

Group companies and affiliates

  • Group entities: other companies in the same corporate group as Fresh Horizons Ltd that support the operation of Golden Tiger and related brands (for example, for hosting, risk management, or customer support).
  • Marketing affiliates: trusted marketing partners who refer players to the casino or promote our services, in order to attribute conversions and manage affiliate programmes.

Service providers and professional advisers

  • Payment and banking partners: payment processors, banks, and financial institutions involved in processing your deposits and withdrawals.
  • KYC and verification services: identity verification providers, credit reference agencies (where permitted), and sanctions/PEP screening services used to meet regulatory requirements.
  • Technology and security providers: hosting providers, cloud services, IT support, security monitoring, DDoS protection, and analytics providers.
  • Professional advisers: lawyers, auditors, consultants, and accountants who assist with legal, financial, and compliance matters under obligations of confidentiality.

Regulators, ADR bodies and public authorities

  • Gambling regulators: including the Kahnawake Gaming Commission and other competent regulators, in connection with licensing, inspections, or investigations. See https://gamingcommission.ca/interactive-gaming/player-complaints/ for relevant contact information for player complaints.
  • Alternative dispute resolution (ADR): eCOGRA or similar ADR bodies may receive relevant personal information when you lodge a complaint at https://ecogra.org/ata/policies_procedures.php.
  • Law enforcement and authorities: police, tax authorities, courts, and other public bodies where required by law or reasonably necessary to establish, exercise, or defend legal claims, or to protect our users and systems.

Advertising networks and analytics partners

  • Subject to your consent where applicable, we may share pseudonymous identifiers and behavioural data with:
    • online advertising networks;
    • social media platforms; and
    • analytics providers
    to serve and measure targeted advertising and campaigns. We contractually prohibit these partners from using your data for their own unrelated purposes.

Corporate transactions

  • In the event of a merger, acquisition, reorganisation, sale of assets, or insolvency, your personal information may be transferred to third parties as part of the transaction, subject to continued protection consistent with this Privacy Policy.

International Transfers

Due to the international nature of online gambling services and the use of global service providers, your personal information may be transferred to, stored, and processed in countries other than the one where you reside.

Locations of processing

  • Canada: including data centres and support operations, particularly within the Mohawk Territory of Kahnawake under the oversight of the Kahnawake Gaming Commission.
  • British Virgin Islands: where Fresh Horizons Ltd is registered and may manage certain corporate and administrative functions.
  • European Union / United Kingdom: where certain group companies or service providers may be located.
  • United States and other jurisdictions: where some technical, payment, and analytics service providers may operate.

Safeguards for international transfers

  • Canadian adequacy: Canada is recognised by the EU as providing an adequate level of protection for personal data transferred from the EEA in many sectors, which supports some transfers to our Canadian operations.
  • Contractual safeguards: for transfers from the EEA/UK or other jurisdictions with transfer restrictions to countries that do not offer an equivalent level of data protection, we seek to implement appropriate contractual safeguards, such as:
    • EU Standard Contractual Clauses (SCCs) and/or UK-approved international data transfer agreements or addenda; and
    • additional technical and organisational measures, such as encryption and access controls.
  • Mexican privacy requirements: for data subject to Mexican law, we take reasonable steps to ensure that foreign recipients provide the same level of protection as required by LFPDPPP and its regulations, including through contractual obligations.

You may request further information about our international transfer safeguards by contacting the DPO at [email protected].

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the category of data and applicable legal requirements.

Standard retention periods

  • Player account data: generally kept for the life of your account and for up to five (5) years after account closure, unless a longer period is required by law or is necessary for legal claims.
  • KYC/AML documentation: typically retained for at least five (5) years after the end of the business relationship or the date of the last transaction, in line with regulatory requirements.
  • Transaction and gaming records: usually kept for five (5) years from the date of the relevant transaction or game session, subject to longer retention where legally required.
  • Technical logs and security records: generally retained for twelve (12) to twenty-four (24) months, unless needed longer for investigation of security incidents, fraud, or legal claims.
  • Marketing and communication preferences: retained until you withdraw your consent or object to marketing, after which we keep a minimal record of your opt-out request to ensure compliance (typically for up to five (5) years).
  • Complaint and dispute files: retained for the duration of the complaint and for a further period of up to five (5) years (or longer if required), to demonstrate compliance and manage legal risk.

Deletion, anonymisation and archival

  • Deletion or anonymisation: when data is no longer needed, we will securely delete it or irreversibly anonymise it so that it can no longer be associated with you. Aggregated, anonymised data may be retained for statistical and analytical purposes.
  • User requests: subject to legal limits, we will act on your requests to delete or anonymise personal information (see "Your Rights" below). In some cases, we may retain certain information despite your request if required by law or necessary to protect our legitimate interests (e.g., to comply with AML obligations or to resolve disputes).

Your Rights

We respect your rights over your personal information and aim to align our practices with Canadian privacy laws (including PIPEDA and substantially similar provincial laws), GDPR standards for individuals located in the EEA/UK, and Mexican privacy law (particularly the ARCO rights under LFPDPPP), to the extent applicable.

Core rights (Canada, GDPR, Mexico)

  • Right of access: you can request confirmation of whether we hold personal information about you and receive a copy of that information, along with an explanation of how it is used and disclosed.
  • Right to rectification / correction: you may request correction of inaccurate or incomplete personal information. Where possible, you can correct certain data directly through your account settings.
  • Right to erasure / cancellation: you may request deletion of your personal information in appropriate circumstances (for example, when it is no longer needed or where you withdraw consent), subject to our legal obligations to retain certain records (e.g., AML, regulatory, and tax records).
  • Right to restriction of processing: in some cases you can request that we restrict the processing of your data (for example, while we verify its accuracy or assess an objection).
  • Right to object: you may object at any time to:
    • processing based on our legitimate interests, on grounds relating to your particular situation; and
    • processing for direct marketing purposes, in which case we will stop such processing.
  • Right to data portability (GDPR / some other regimes): where technically feasible and legally required, you may receive your personal data in a structured, commonly used, machine-readable format and request that we transmit it to another controller.
  • ARCO rights under Mexican law: individuals whose data is subject to Mexican law may exercise their rights of Access, Rectification, Cancellation, and Opposition (ARCO), as well as their right to revoke consent and to limit the use or disclosure of their personal data, subject to statutory exceptions.

Marketing and consent-related rights

  • Withdrawal of consent: where we rely on your consent to process personal information (for example, for marketing or optional cookies), you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
  • Marketing opt-out: you can unsubscribe from marketing communications at any time by following the instructions in our messages (such as the "unsubscribe" link in e-mails) or by contacting us at [email protected]. We may still send non-promotional messages (e.g., service notices, changes to terms).

How to exercise your rights

  1. Submit a request: contact our DPO at [email protected] and clearly state:
    • your name and contact details;
    • the right(s) you wish to exercise; and
    • any relevant details to help locate your information (e.g., username, account ID, approximate dates).
  2. Identity verification: to protect your privacy, we may ask you for additional information to verify your identity before acting on your request. If you submit a request on behalf of another person, we may require evidence of your authority.
  3. Response timeframe: we aim to respond to all requests within thirty (30) days of receipt, in line with PIPEDA, GDPR, and Mexican standards. If your request is complex or we receive many requests, we may extend this timeframe by an additional thirty (30) days, in which case we will notify you.
  4. Fees: we will handle your request free of charge, unless it is manifestly unfounded or excessive (for example, repetitive requests). In such cases, we may charge a reasonable fee or refuse to act, as permitted by law.

If you are dissatisfied with our response, you have the right to lodge a complaint with a competent supervisory authority as described in the "Complaints & Contacts" section below.

Cookies & Tracking Technologies

We use cookies and similar technologies on the Site to ensure its proper functioning, to improve your experience, to analyse usage, and to support our marketing activities. Some cookies are essential, while others are optional and used only with your consent where required by law.

Types of cookies

  • Session cookies: temporary cookies that exist only while your browser is open and are deleted when you close it. They help with navigation and remembering your selections during a session.
  • Persistent cookies: cookies that remain on your device for a set period or until you delete them. They can recognise you when you return to the Site and remember your preferences.
  • First-party cookies: cookies placed by goldentiger-bet.ca to support Site functionality and analytics.
  • Third-party cookies: cookies placed by trusted partners (e.g., analytics providers, advertising networks) to understand usage and measure campaign performance.

Purposes of cookies

  • Strictly necessary / functional: required for the Site to operate correctly, such as enabling secure logins, protecting forms from abuse, and remembering basic preferences. These cannot be disabled via cookie tools, though you can still block them via your browser (which may affect functionality).
  • Performance and analytics: used to collect information about how visitors use the Site (e.g., which pages are visited most often, error messages). This helps us improve usability and performance.
  • Advertising and marketing: used to deliver and measure personalised advertising, track conversions, and manage affiliate relationships. We use these only where permitted by law and subject to your consent where required.

Managing cookies

  • Browser settings: most browsers allow you to refuse or delete cookies through their settings (for example, blocking third-party cookies or clearing browsing data). The method varies by browser; consult your browser's help section for details.
  • On-site controls (where available): we may provide an on-site cookie banner or preferences centre allowing you to manage non-essential cookies. You can revisit these settings at any time to update your choices.
  • Impact of disabling cookies: if you block or delete cookies, some features of the Site or casino services may not function correctly or may become unavailable.

Data Security

We implement a combination of technical, organisational, and physical security measures designed to protect personal information against unauthorised access, loss, misuse, alteration, and disclosure. While no system can guarantee absolute security, we continuously assess and improve our safeguards.

Technical measures

  • Encryption in transit: data transmitted between your device and our systems (including the Golden Tiger casino platform) is protected using Transport Layer Security (TLS) version 1.2 or higher, where technically supported by your device and browser.
  • Encryption at rest: sensitive data (such as certain account and financial details) is encrypted at rest using industry-standard algorithms. Passwords are stored using hashing and salting techniques rather than in plain text.
  • Access controls: access to personal information is restricted to authorised personnel and service providers based on the "need-to-know" principle, using role-based access controls and, where appropriate, multi-factor authentication.
  • Network and application security: we use firewalls, intrusion detection and prevention systems, anti-malware tools, and secure development practices to protect our infrastructure and software.

Organisational and procedural measures

  • Policies and training: we maintain internal policies on information security, data protection, and acceptable use. Staff with access to personal information receive privacy and security training, including AML and responsible-gambling awareness.
  • Vendor due diligence: we select third-party service providers carefully and require them to implement appropriate security measures and confidentiality obligations, including through data processing agreements where applicable.
  • Audit and monitoring: we conduct regular internal reviews, risk assessments, and, where appropriate, third-party security assessments. Our controls are informed by recognised frameworks such as ISO 27001 and SOC 2, although we may not hold formal certification.

Incident response and breach notification

  • Detection and response: we monitor for potential security incidents and have procedures in place to investigate, contain, and remediate any breaches or suspected breaches.
  • Notification: where a breach of security safeguards poses a real risk of significant harm, we will notify affected individuals and relevant regulators, such as the Office of the Privacy Commissioner of Canada (OPC), and, where applicable, EU/EEA supervisory authorities or Mexican authorities, in accordance with legal requirements.

Complaints & Contacts

If you have any questions, concerns, or complaints about how we handle your personal information, we encourage you to contact us first so that we can attempt to resolve the issue directly.

Contacting us

  • Data Protection Officer: Data Protection Officer, Fresh Horizons Ltd
  • E-mail: [email protected]
  • Gambling dispute form (ADR): for gambling-related disputes, you may also use eCOGRA's online dispute form at https://ecogra.org/ata/policies_procedures.php. This is an alternative dispute resolution channel and is not a substitute for contacting us about privacy-specific issues.

Internal complaint procedure

  1. Submission: send us a written complaint by e-mail, clearly outlining your concerns and any relevant details (such as account ID, dates, and supporting documents).
  2. Acknowledgement: we will acknowledge receipt of your complaint as soon as reasonably practicable, and in any case typically within five (5) business days.
  3. Investigation: we will investigate the matter, which may involve reviewing records, speaking with relevant staff, and, where appropriate, consulting external advisers or service providers.
  4. Response: we aim to provide a substantive response within thirty (30) days of receiving your complaint. If more time is needed due to complexity, we will inform you and provide an updated timeline.
  5. Follow-up: if you remain dissatisfied, you may escalate your complaint to a relevant supervisory authority as described below.

Supervisory authorities and regulators

  • Canada (primary jurisdiction):
    • Office of the Privacy Commissioner of Canada (OPC): you may lodge a complaint with the OPC if you believe your privacy rights under PIPEDA have been violated. Contact details and complaint procedures are available at https://www.priv.gc.ca/.
    • Provincial privacy commissioners: if you reside in a province with its own private-sector privacy legislation (such as Quebec, British Columbia, or Alberta), you may have the right to complain to the relevant provincial authority. Their contact details are available on their official websites.
  • European Union / European Economic Area (GDPR): if you are located in the EEA or UK and believe your GDPR rights have been infringed, you may lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available via the European Data Protection Board at https://edpb.europa.eu/.
  • Mexico: individuals whose personal data is processed under Mexican law may submit complaints or queries to:
    • National Institute for Transparency, Access to Information and Personal Data Protection (INAI): information on how to file a complaint is available on the INAI website at https://www.inai.org.mx/.
  • Gambling regulators and dispute channels:
    • Kahnawake Gaming Commission: for gambling-related complaints (not limited to privacy), you may refer to https://gamingcommission.ca/interactive-gaming/player-complaints/ for procedures.
    • eCOGRA: as noted, eCOGRA provides ADR services for certain disputes via https://ecogra.org/ata/policies_procedures.php.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will take appropriate steps to inform you in advance, consistent with applicable law.

Notification of changes

  • On-site notice: we will post the updated Privacy Policy on goldentiger-bet.ca with a revised "Last updated" date and may display a prominent banner or pop-up on the Site or within your account dashboard.
  • E-mail notifications: where required or appropriate, we may send an e-mail notice to the address associated with your account describing the key changes.
  • Advance notice: for significant changes that materially affect your rights or how we process your personal information, we will, where practicable, provide at least thirty (30) days' advance notice before the changes take effect. During this period, you may choose to object to the changes or close your account.

Your options on change

  • Continued use: if you continue to use the Site or the Golden Tiger casino services after the effective date of an updated Privacy Policy, you will be deemed to have accepted the changes, to the extent permitted by law.
  • Objection and account closure: if you do not agree with the updated terms, you may contact us to raise objections or request closure of your account. We will continue to process your personal information only as permitted by law, including for any remaining legal and regulatory obligations.

Version control

Last updated: January 2026

  • Current version highlights:
    • Clarified roles and responsibilities of Fresh Horizons Ltd, Golden Tiger, and the Golden Tiger brand.
    • Expanded information on international data transfers and security measures.
    • Enhanced alignment with GDPR and Mexican ARCO rights, in addition to Canadian privacy law requirements.