By Daniel S. McGrath – Updated June 2026
Grand Mondial Casino privacy policy decoded for Canadian players
Grand Mondial Casino has been collecting personal data about Canadian players since 2005. Over two decades, the platform has processed millions of account registrations, identity verification documents, payment transactions, and session records. That’s a substantial data infrastructure built around real people’s financial and behavioural information – and in 2026, the regulatory framework governing how that data is handled is more detailed and more enforceable than at any previous point in the platform’s history. Grand Mondial operates under both KGC and AGCO/iGaming Ontario licences, with the Ontario licence specifically bringing provincial data protection requirements that apply on top of Canada’s federal PIPEDA framework. This guide explains what Grand Mondial’s privacy practices actually involve for Canadian players in 2026.
Why Grand Mondial’s dual licensing matters for privacy
Grand Mondial’s privacy framework in 2026 is shaped by two parallel regulatory structures. The KGC licence governs operations for Canadian players outside Ontario and carries its established data handling standards. The AGCO/iGaming Ontario licence – in place since 2022 – applies to Ontario players and requires compliance with Ontario’s consumer protection standards and the AGCO’s data governance requirements, which incorporate Canadian provincial privacy obligations alongside the federal PIPEDA framework.
For Ontario players, this dual structure means data handling is governed by both federal and provincial requirements simultaneously, with iGaming Ontario providing oversight of the AGCO-licensed operator’s compliance. Players outside Ontario are covered by PIPEDA’s federal protections and the KGC’s licensing standards. The practical difference is that Ontario players have an additional regulatory body – iGaming Ontario – to which privacy-related complaints about the AGCO-licensed version of Grand Mondial can be escalated.
Grand Mondial operates under two distinct operator entities depending on province: Fresh Horizons Ltd for KGC-licensed operations outside Ontario, and Apollo Entertainment Limited for the AGCO-licensed Ontario version. Both entities are subject to PIPEDA for their Canadian player data handling, but the compliance infrastructure and oversight differ between them.
What data Grand Mondial collects from Canadian players
Data provided directly at registration and during account management:
| Category | Specific data points |
|---|---|
| Identity data | Full legal name, date of birth, gender, nationality |
| Contact data | Home address, email address, phone number |
| Verification data | Government-issued photo ID, proof of address, payment method documentation |
| Financial data | Card details, bank account or e-wallet information, CA$ transaction history |
| Occupational data | Occupation field collected during registration |
| Account preferences | Responsible gambling settings, marketing consent, language preference |
Data collected automatically through platform use:
| Category | Specific data points |
|---|---|
| Technical data | IP address, device type, browser version, operating system |
| Behavioural data | Games played, session duration, bet sizes, game selection patterns, win and loss records |
| Location data | IP-based geolocation for provincial eligibility verification |
| Communication data | Live chat records, email support history, chatbot interaction logs |
| Cookie data | Session authentication, preference storage, analytics, marketing tracking |
The occupational data field at registration is worth noting specifically because it’s not universal across Casino Rewards Group properties. Grand Mondial collects occupation information as part of its KYC and AML compliance framework – financial crime regulations in some jurisdictions require operators to understand the source of funds and occupational context for players. Canadian players should complete this accurately rather than leaving it blank or entering placeholder data.
How Grand Mondial uses your personal data
The privacy policy identifies the following specific purposes for processing Canadian player data:
- Account creation, authentication, and ongoing management within the Casino Rewards Group infrastructure
- Processing CA$ deposits, withdrawals, and bonus transactions
- Identity verification and KYC compliance under Canadian and applicable AML legislation
- Fraud detection, prevention, and financial crime investigation
- Regulatory compliance and reporting to the KGC, AGCO, and iGaming Ontario as applicable
- Responsible gambling monitoring – analysing behavioural patterns to identify risk indicators and restrict marketing to high-risk accounts
- Customer support and complaint resolution
- Platform development and technical performance improvement
- Casino Rewards Group loyalty program administration
- Marketing communications with explicit prior consent only
The Casino Rewards Group loyalty program administration use is specific to Grand Mondial’s group membership. Your point balance, tier status, and redemption history are shared across the group’s shared loyalty infrastructure to enable the cross-platform portability that makes the program valuable. This is a disclosed operational necessity rather than a marketing data sale, and it operates within the terms players agree to when participating in the loyalty program.
Third parties who may receive Grand Mondial player data
| Third party category | Purpose | Notes |
|---|---|---|
| Casino Rewards Group entities | Loyalty program, duplicate account detection, group compliance | Shared infrastructure across 15+ properties |
| Payment processors | Processing CA$ fiat transactions | Interac, Visa, Mastercard, PayPal, Skrill, Neteller |
| Identity verification providers | KYC and age verification | Third-party document authentication |
| Regulatory authorities | Legal compliance and reporting | KGC, AGCO, iGaming Ontario |
| IT and infrastructure providers | Platform hosting and security | Cloud servers and cybersecurity services |
| Analytics providers | Platform performance analysis | Usage and behaviour tracking tools |
| Marketing platforms | Delivering consented promotional communications | Email and content delivery |
Grand Mondial states that personal data is not sold to third-party advertisers – a commitment that PIPEDA’s consent requirements reinforce legally for Canadian players. Marketing communications are sent only to players who have opted in, and consent can be withdrawn at any time.
The Casino Rewards Group data sharing warrants the most explanation. Grand Mondial shares administrative and compliance data within the group for legitimate operational purposes: managing the loyalty point system across properties, detecting duplicate accounts across the network, and maintaining group-level AML compliance. This does not mean your personal gambling data is shared across group casinos for independent marketing purposes without separate consent.
Data security measures
Grand Mondial protects player data through the following security infrastructure in 2026:
- 128-bit SSL encryption on all data transmitted through the platform
- PCI-compliant payment data infrastructure for card transaction security
- eCOGRA certification covering game fairness and platform operational standards
- Real-time transaction monitoring for fraud and AML indicators
- Role-based internal access controls limiting staff data access by function
- Automated session timeout mechanisms after inactivity
The eCOGRA certification covers not just game RNG integrity but platform operational standards more broadly, providing independent third-party oversight of how the platform functions beyond just the statistical fairness of individual games.
Data retention: how long Grand Mondial keeps your information
| Data type | Retention period | Regulatory basis |
|---|---|---|
| Identity and KYC documents | 5 years post-account closure | Canadian AML legislation |
| Financial transaction records | 5 years post-transaction | Financial audit compliance |
| Game session and play history | 3 years | Dispute resolution |
| Customer support records | 3 years | Complaint handling |
| Marketing consent records | Consent duration plus 1 year | PIPEDA compliance |
| Technical access logs | 12 months | Security monitoring |
The five-year KYC retention is a legal obligation under Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act. It applies to both the Fresh Horizons Ltd and Apollo Entertainment Limited entities operating Grand Mondial and cannot be waived at a player’s request during the retention period. After the period expires, data must be securely deleted or permanently anonymised.
Your rights as a Canadian player under PIPEDA
Under federal privacy legislation and Ontario’s applicable frameworks, Canadian players at Grand Mondial have the following rights:
- Right of access – request a complete copy of all personal data Grand Mondial holds about you
- Right to correction – request updates to inaccurate or outdated information
- Right to withdraw consent – for marketing and non-essential processing, opt out at any time
- Right to complain – file with the Office of the Privacy Commissioner of Canada
- Right to account closure – Grand Mondial must close your account on request, subject to retention obligations
Ontario players have an additional escalation option: privacy-related complaints about the AGCO-licensed version of Grand Mondial can be directed to iGaming Ontario as part of the province’s regulated operator oversight framework. This provides a provincial regulatory pathway in addition to the federal Privacy Commissioner process.
PIPEDA access requests must be addressed within 30 days. Contact the support team through live chat or email to initiate any data rights request.
