GDPR Information - NorthernReelsGame

For Visitors from the European Economic Area (EEA), United Kingdom, and Switzerland: This page provides specific information about how northernreelsgame.com complies with the General Data Protection Regulation (GDPR) and your data protection rights under this legislation.

1. Introduction to GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to the processing of personal data of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. Even though northernreelsgame.com is primarily designed for Canadian players, we respect the privacy rights of all visitors, including those from GDPR-covered regions.

This document supplements our Privacy Policy and provides GDPR-specific information about your rights, our legal bases for processing, and how we protect your data.

2. Data Controller Information

For the purposes of GDPR, the data controller is:

Entity: northernreelsgame.com
Service: Free social entertainment platform with aurora-themed slot experiences
Contact: support@northernreelsgame.com

3. Legal Basis for Processing Personal Data

Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

3.1 Consent (Article 6(1)(a))

We process certain data based on your explicit consent, including:

Cookie usage (except essential cookies)
Marketing communications and promotional emails
Optional data collection for enhanced features

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.2 Contractual Necessity (Article 6(1)(b))

We process data necessary to provide northernreelsgame.com services to you, including:

Creating and maintaining your account
Delivering aurora-themed slot gameplay
Displaying leaderboards and achievements
Providing customer support

3.3 Legal Obligation (Article 6(1)(c))

We process data to comply with legal requirements, such as:

Age verification (ensuring users are 18+)
Tax and accounting obligations
Responding to law enforcement requests
Maintaining records as required by law

3.4 Legitimate Interests (Article 6(1)(f))

We process data based on our legitimate interests when those interests are not overridden by your rights and freedoms:

Fraud prevention and security monitoring
Platform improvement and analytics
Network and information security
Internal administration and reporting

We conduct regular assessments to ensure our legitimate interests do not unduly impact your privacy rights.

4. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You can request a copy of all personal data we hold about you, including how we use it and who we share it with.

2. Right to Rectification

You can ask us to correct inaccurate or incomplete personal data we hold about you.

3. Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

4. Right to Restriction

You can request that we limit how we use your personal data while a dispute is being resolved.

5. Right to Data Portability

You can receive your personal data in a structured, machine-readable format and transfer it to another service.

6. Right to Object

You can object to processing based on legitimate interests, direct marketing, or profiling.

7. Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without penalty.

8. Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we've violated GDPR.

4.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: support@northernreelsgame.com
Subject Line: "GDPR Rights Request"
Include: Specific right you wish to exercise and any relevant details

4.2 Response Timeline

We will respond to your request:

Initial Response: Within 48 hours acknowledging receipt
Full Response: Within 30 days of receiving your request
Complex Requests: Up to 60 days (we will notify you of any extension and the reasons)

4.3 Verification

To protect your privacy, we may ask you to verify your identity before fulfilling rights requests. This may include:

Confirming email address associated with your account
Answering security questions
Providing proof of identity (in limited circumstances)

4.4 Free of Charge

We do not charge a fee to exercise your GDPR rights except in exceptional circumstances where requests are manifestly unfounded, excessive, or repetitive.

5. Data We Collect (GDPR Perspective)

5.1 Categories of Personal Data

Under GDPR terminology, we collect the following categories of personal data:

Identity Data: Username, display name
Contact Data: Email address
Technical Data: IP address, browser type, device information
Profile Data: Preferences, settings, age verification status
Usage Data: Gameplay statistics, time on platform, features used
Marketing Data: Communication preferences (opt-in only)

5.2 Special Categories of Data

We do NOT intentionally collect "special categories" of personal data under GDPR (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation). If you voluntarily provide such information (e.g., in support messages), we will handle it with extra care and delete it when no longer needed.

5.3 Automated Decision-Making and Profiling

northernreelsgame.com does NOT engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our analytics are used only to improve the Platform, not to make automated decisions about individual users.

6. International Data Transfers

6.1 Transfers Outside the EEA

As a Canadian-based platform, your personal data may be transferred to and processed in Canada and other countries outside the EEA. When we transfer data internationally, we ensure adequate protection through:

Standard Contractual Clauses (SCCs): EU-approved contracts that require service providers to protect your data
Adequacy Decisions: Canada has been recognized by the European Commission as providing adequate data protection for commercial organizations under PIPEDA
Additional Safeguards: Encryption, pseudonymization, and strict access controls

6.2 Your Rights Regarding Transfers

You can request information about:

Countries to which your data is transferred
Safeguards in place for those transfers
Copies of relevant safeguard documents (e.g., SCCs)

7. Data Retention Under GDPR

7.1 Retention Periods

We retain personal data only for as long as necessary:

Active Accounts: While your account is in use and for a reasonable period afterward
Inactive Accounts: 2 years of inactivity before deletion (with prior notice)
Deleted Accounts: Most data deleted within 30 days; some retained for legal compliance
Legal Requirements: Certain data (e.g., age verification) retained as required by law
Backup Systems: Deleted data may persist in backups for up to 90 days before permanent deletion

7.2 Criteria for Determining Retention

We determine retention periods based on:

The nature and sensitivity of the data
Purposes for which we process the data
Legal, regulatory, or contractual requirements
Statute of limitations periods

8. Data Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage:

8.1 Technical Measures

256-bit SSL/TLS encryption for data in transit
Encryption of sensitive data at rest
Secure authentication and Two-Factor Authentication (2FA)
Regular security audits and penetration testing
Firewall and intrusion detection systems
Regular software updates and patch management

8.2 Organizational Measures

Data protection policies and procedures
Employee training on GDPR and data security
Access controls and need-to-know principles
Confidentiality agreements with staff and contractors
Incident response and breach notification procedures
Regular privacy impact assessments

9. Data Breach Notification

9.1 Our Obligations

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify Authorities: Report to the relevant supervisory authority within 72 hours of becoming aware of the breach
Notify You: Inform affected individuals without undue delay if the breach poses a high risk
Provide Information: Describe the nature of the breach, likely consequences, and measures taken or proposed

9.2 Your Actions

If you suspect a security issue with your account, please contact us immediately at support@northernreelsgame.com with "Security Alert" in the subject line.

10. Third-Party Processors

We engage third-party service providers who may process personal data on our behalf (data processors). We ensure all processors:

Provide sufficient guarantees of GDPR compliance
Process data only on our documented instructions
Implement appropriate security measures
Assist us in fulfilling your GDPR rights
Delete or return data when services end
Sign Data Processing Agreements (DPAs) with GDPR-compliant terms

11. Children's Privacy (GDPR Context)

northernreelsgame.com is intended for individuals 18 years and older. Under GDPR, we do not knowingly process data of children under 16 (or the relevant age in your country) without parental consent. If we discover we have inadvertently collected data from a child, we will delete it immediately.

12. Supervisory Authority

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR:

12.1 EU Member States

Each EU member state has its own supervisory authority. You can find your local authority here: https://edpb.europa.eu/about-edpb/board/members_en

12.2 United Kingdom

Information Commissioner's Office (ICO)
Website: https://ico.org.uk

12.3 Switzerland

Federal Data Protection and Information Commissioner (FDPIC)
Website: https://www.edoeb.admin.ch

13. Contact Our Data Protection Officer (DPO)

For GDPR-specific inquiries, you can contact our designated data protection contact:

Email: support@northernreelsgame.com
Subject Line: "GDPR / DPO Inquiry"

14. Updates to GDPR Information

We may update this GDPR information page to reflect changes in our practices or legal requirements. When we make material changes, we will:

Update the "Last Updated" date at the top
Notify affected users via email
Provide a reasonable period to review changes

Important Note for Canadian Players

If you are a Canadian resident, your privacy is also protected under Canadian laws including the Personal Information Protection and Electronic Documents Act (PIPEDA). Canada has been recognized by the European Commission as providing adequate data protection for commercial organizations, ensuring a high standard of privacy protection regardless of your location.

Our GDPR Commitment

northernreelsgame.com is committed to full GDPR compliance and respecting the privacy rights of all users, regardless of location. We believe that strong data protection is not just a legal requirement — it's the right thing to do. Our free social entertainment platform is built on trust, transparency, and respect for your personal data.

Remember: northernreelsgame.com is completely free. Winning on our platform does not guarantee winning elsewhere. All gameplay is for entertainment purposes only.

← Return to NorthernReelsGame