Pinnacle (otherwise referred to herein as "we" or "us") adheres to the Freedom of Information and Protection of Privacy Act (“FIPPA”) and the Personal Information Protection and Electronic Documents Act (“PIPEDA”). This Privacy Policy applies to the services offered by Pinny (Ontario) Limited which includes the website available at www.pinnacle.ca.

Pinnacle is providing its services as a part of the open regulated internet gaming (iGaming) market in Ontario conducted and managed by iGaming Ontario (“iGO”) and is collecting, using and disclosing personal information on behalf of, and as agent of, iGO.

We collect your personal information under the legal authority of FIPPA and other applicable privacy laws, Ontario regulation 722/21 made under the Alcohol and Gaming Commission of Ontario Act, and the Operating Agreement between iGO and Pinny (Ontario) Limited.

This version was last updated on August 23, 2022.

Pursuant to FIPPA’s Section 40(2), it is important that the personal information we hold about you is accurate. While we use reasonable efforts to ensure your personal information is accurate, we ask that you update your information through your account whenever your information is incomplete, out-of-date or otherwise changes. Please refer to section eight “Your Rights and Choices” for more information about how to request that we make changes to your personal information in our custody.

If you have any concerns or questions regarding this Privacy Policy, you should contact our Customer Service Department via email at customerservice@pinnacle.ca.

In the event of a dispute arising between you and us, our Customer Service Department will attempt to reach an agreed solution. Should all efforts to resolve a dispute directly with Pinnacle fail, you have the right to lodge a complaint by email to iGO.

We maintain an Incident Breach Management Policy. We will provide you notice in the event of an incident that materially impacts your personal information (a “Data Incident”). We will notify you, iGO, and any other applicable regulatory authority about the Data Incident, and we will aid iGO and any applicable authorities in the management and handling of the Data Incident.

We use your personal information in the following circumstances:

• Where you have provided your consent.
• Where we need to comply with a legal or regulatory obligation.

By providing your personal information and registering with us or logging in when you enter our Website, you understand and agree that we will collect, use, disclose, and otherwise process your personal information in the manner set out in this Privacy Policy, or as otherwise provided in accordance with our Terms and Conditions.

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Personal information means information about an identifiable individual including any information that constitutes personal information within the meaning of FIPPA and PIPEDA (“Personal Information”).

We may collect different kinds of Personal Information about you which we have grouped together as follows:

• Identity Data: includes first name, middle name, last name, username or similar identifier, descriptive occupation (i.e. job position and industry), date of birth, and gender.

  We will collect certain of the above Personal Information, and if provided by you, your country of residence, business telephone number, employer’s name, employer’s address, citizenship, and alias/preferred name for the purposes of complying with our anti-money laundering obligations under applicable law. If you attest that you are a Politically Exposed Person (“PEP”), the Head of an International Organization (“HIO”), or a family member or a close associate of a PEP or HIO, as those terms are defined in our Terms and Conditions, you will be required to provide additional information such as your source of funds, your source of wealth, the nature of your connection to the PEP or HIO if you are a family member or close associate of a PEP or HIO, the office or position of the PEP/HIO, the PEP or HIO’s organization/institution name and, if you have a relationship with someone who is a family member or close associate of a PEP or HIO, the nature of the relationship between you and the family member/close associate of the PEP or HIO. Such information is collected on behalf of iGO and may be shared with other Operators as part of enterprise-level player monitoring.

• Contact Data: includes billing address, delivery address, email address, and telephone number(s).
• Financial Data: includes bank account details, payment card details, and credit checks.
• Transaction Data: includes details about payments to and from you, and other details of products and services you have engaged us for.
• Technical Data: includes internet protocol (IP) address, pc tag, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile Data: includes your username and password, purchases or orders made by you, your interests, preferences, correspondence feedback, and survey responses.
• Usage Data: includes information about how you use our website, products, and services.
• Marketing and Communications Data: if you sign up to receive marketing communications, we will ask you about your preferences for receiving marketing from us and our third parties and your communication preferences. We will collect your email address as well as other information on an optional basis to help us tailor our communications to you.

We will use and store Personal Information for the purpose of delivering and improving our products and services and to analyze and enhance our operations. Personal Information may be used in order to share insights, for clinical use, to allow for additional research, collaborations, and product development, and to garner insights about the data that we gather over time. Pinnacle may anonymize your Personal Information, or de-identify your personal information in a way that meets FIPPA and PIPEDA.

We will create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by Pinnacle from other sources in aggregated, anonymous form and does not identify any individual (such data is referred to as "Aggregate Information"). Subject to applicable laws and regulations, we use Aggregate Information to understand our customers and to develop, improve and/or market our Services.

Where we need to collect personal information by law, under the terms of a contract we have with you, or to provide our service, and you fail to provide that data when requested, we may not be able to perform the contract we have or provide you with the service requested.

Please note that any information which you transmit to us by email is not encrypted and is transmitted at your own risk.

We have set out below, in a table format, a description of the ways we plan to use your personal information and which legal bases we rely on to do so.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal purpose we are relying upon to process your personal information where more than one purpose has been set out in the table below.

We do not sell or disclose your personal information to third parties without your consent, except as set forth below or as required or permitted by law.

a. For anti-money laundering, fraud detection, and/or control purposes, Pinnacle may share your personal information with third parties, including but not limited, to third-party suppliers, the police, financial integrity units, banks, ID and address verification service providers, payment service providers, and financial institutions; however, only where we have assurance that they are meeting the same standards on the processing of data and security. We encourage you to read the privacy policies of our third-party suppliers.

b. Furthermore, we reserve the right to disclose your personal information to relevant third parties, such as other Pinnacle group companies, our regulators or financial integrity units, notably when Pinnacle has reasonable grounds to suspect irregularities involving your account.

c. Your personal information will also be shared for regular operational purposes with entities providing services such as cloud services (Google Analytics 4), data centres, payment services, banking, ID verification tools, customer communication tools, game suppliers, etc.

d. We are entitled to share the information we hold on you which includes personal information and/or betting history with sporting bodies in order to investigate fraud, money laundering or sports integrity issues and to comply with our regulatory duties.

e. We and our service providers may process personal information outside of Ontario, including in the U.S., or other foreign jurisdictions. In such cases, we and our service providers will provide the equivalent security and coverage as required for personal information processing within Ontario.

f. We and our service providers may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by U.S. or foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.

g. We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Pinnacle or as part of a corporate reorganization or other change in corporate control.

h. We will take all reasonable steps to ensure that your personal information is treated securely, by ourselves and any third parties, and is processed with appropriate care and protection and in line with applicable legal requirements.

We will retain your personal information for no longer than necessary for the purposes set out herein, or in order to comply with our legal, financial, regulatory and business requirements. In such cases, we will maintain your personal information for the minimum length of time required to meet those requirements. Once we no longer need to retain your personal information, your data will be securely deleted or anonymized.

In the event you withdraw your consent, your personal information will be securely deleted or anonymized.

If there has been no Account Activity (as defined in our Terms and Conditions) and we have maintained your personal information for the minimum time required to meet our legal and regulatory requirements, your account will be closed and your personal information will be securely deleted or anonymized.

The data is destroyed by being digitally shredded, so that data is unrecoverable. If a device used to contain PI information, then the obsolete device needs to be physically destroyed.

Accounts where there has been an instance of fraud, a notification of gambling addiction, and/or permanent self-exclusion, will not be anonymized so that we may continue to monitor these customers in adherence to our legal and regulatory requirements.

We perform full backups of the data daily, and the retention of the backups is one week.

If you sign up to receive marketing communications, we will send you offers, competitions, and exclusive content through our various marketing channels. Your data will not be sold or given to any third parties not affiliated with Pinnacle for marketing purposes without your prior consent.

You can change your marketing preference settings by logging into your Pinnacle account and going to the “Preferences” page where you can change your marketing preferences.

You can unsubscribe from marketing communications at any time by clicking the “unsubscribe” link included at the bottom of each email. Alternatively, you can opt out of receiving email marketing communications by contacting us at the contact information provided in the “Contact Us” section below. Please note that you may continue to receive transactional or account-related communications from us.

a. Pinnacle assures you that your personal information is:

• processed in accordance with your rights;
• processed fairly and lawfully;
• obtained only for the above purposes;
• adequate, relevant and not excessive for its purpose;
• kept in a secure manner;
• not kept longer than is necessary for its purposes.

b. Pinnacle shall take all reasonable steps to ensure that your information is kept secure and protected. In this regard, we maintain appropriate physical, administrative, technical, and organizational measures to protect your data against unauthorized or unlawful processing.

c. We recommend that you send all personal documents to us using our secured upload tool. Please copy and paste the following link into your browser (followed by your client ID):

https://cashier.pinnacle.com/VerifyUpload.asp?customerId=

d. Passwords must contain at least one letter, one number, and one special character, and must be at least eight characters long. It is your responsibility to keep your account details including your password secure and failure to do shall be at your sole risk and expense. If you believe your account has been compromised in any way, you must notify us immediately at customerservice@pinnacle.ca, using your registered email address. We will immediately suspend your account once we are aware of such an incident.

e. Your Personal Information is stored in Ireland.

f. Pinnacle is using the ISO27001 framework. We establish, implement, operate, monitor, review, maintain, and continually improve an ISMS (Information Security Management System), which is a systematic approach to managing the security of sensitive information and is designed to identify, manage and reduce the range of threats to which the PI is regularly subjected.

Subject to applicable law, you may have certain rights and can make certain choices about your personal information. You can exercise any of these rights and choices by contacting customerservice@pinnacle.ca, naming the right you are exercising or the choice you would like to make, along with the reason for your request, if applicable.

It should be noted that the ability to perform our services relies on the processing of certain information. Therefore, exercising certain rights or choices may result in a loss of the service or part of it.

We may request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. In the event you did not provide all your verification information upon registering with us, this information may be requested to complete your profile. We may also contact you to ask you for further information in relation to your request to speed up our response. Please remember to keep your password confidential.

We try to respond to all legitimate requests within 30 days. Occasionally, it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

It is your responsibility to maintain that your personal information is up-to-date and accurate.

Pinnacle’s websites (including those optimized for mobile devices) and mobile applications use cookies and similar technologies to manage login sessions, provide personalised web pages, and tailor content to reflect your specific needs and interests. Once you “Accept” our banner on cookies you agree to the use of cookies and similar technologies for the purposes we describe in this policy.

Cookies are text files containing a small amount of information that are downloaded to your device when you visit a website. They are generally used by most websites to improve your online experience and to ensure that content and functions are delivered and used more effectively. Other similar files such as clear GIFs, web beacons, and pixel tags work in the same way and we use the word ‘cookie’ in this policy to refer to all files that collect information in this way.

Cookies perform various different functions. For example, some cookies are downloaded to your device temporarily for the period that you browse a particular website. These cookies might allow you to navigate between pages more efficiently or enable websites to remember the preferences you select. Other cookies can be used to help websites remember you as a returning visitor or ensure the online advertising you receive is more relevant to your specific needs and interests.

You can amend your browser settings to block some or all cookies. To do this, follow the instructions provided by your browser provider. Please be aware that if you block cookies from Pinnacle’s website some or all of the website's functions may not perform as intended.

For example, you may not actually be able to place any bets. If you would like to amend your browser settings, see “manage your cookies”. If you would like more information about cookies, see “further information”.

The types of cookies Pinnacle uses are:

Essential Cookies

Performance Cookies

Functionality Cookies

Targeting Cookies

Essential Cookies are cookies which are necessary in order for a website to function correctly; they enable you to navigate our website and allow you to perform specific functions, such as accessing secure areas, placing bets, depositing funds and managing your account. Without these cookies, it would not be possible to provide our specific online services and functions.

We use Essential Cookies to:

• Maintain your Bet Slip selections as you navigate around the site;
• Identify you as being logged in to Pinnacle.ca.

Cookies we have defined as Essential Cookies will not be used to:

• Gather information that could be used to advertise products or services to you;
• Remember your preferences or username beyond your current visit.

These cookies collect information about how visitors use a website, for instance, which pages they go to most often and if they get error messages from web pages. It is only used to improve a website's performance.

• Provide statistics on how our website is used;
• See how effective our promotions are;
• Collect statistics on which markets customers are betting on;
• Help us improve the website by measuring any errors that occur;
• Test different designs of our website;
• Identify the browser or device you are using to access the site.

• Gather information that could be used to advertise products or services to you on other websites;
• Remember your preferences or username beyond your current visit;
• Store personal information such as email address or name;
• Target promotions to you on any other website;
• Allow third parties to use the cookies for any purpose other than those listed above.

We use third-party cookies (such as Google Analytics and Silverpop Web Analytics) to gather information on customer interactions with the site so we can develop and improve your customer journey and provide you with an optimized service. To opt out of performance cookies, please see below.

Please be aware that opting out of our performance cookies won’t keep you from using our website; however, it will limit us from learning from your experience and may limit our ability to make accurate decisions for improving our website. However, if you wish to opt out of the web analytics that Pinnacle uses, please use the link below:

GoogleAnalytics

These cookies allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, personalized features. They may also embed functionality from third party services. For instance, a website may be able to provide you with local weather reports or traffic news by using cookies to store information about the region in which you are located, or may integrate useful services provided by third-party providers into the website e.g. social media features. These cookies can also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customize. They may also be used to provide services you have requested such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.

We use Functionality Cookies to:

• Remember settings you've applied such as layout, preferences, colours, and showing/ hiding features;
• Remember that you have seen certain content;
• Provide proactive live chat sessions to offer you support.

Cookies we have defined as Functionality Cookies will not be used to:

• Target you with advertising on other websites;
• Allow third parties to use the cookies for any purpose other than those listed above.

These cookies are used to deliver content, such as advertising, that is more relevant to you and your interests. They may also be used to limit the number of times you see an advert or measure the effectiveness of the advertising campaign. These tend to be set by third-party advertising agencies with Pinnacle's permission, on our Website and other websites and apps, and we may share information about websites that you have visited with other organizations, such as advertisers.

We work with third parties such as advertising networks and other advertising companies that use their own tracking technologies (including cookies and pixel tags) on our Website and other websites and apps in order to provide you with tailored advertisements across the internet. This is a common marketing practise referred to as interest-based or online behavioural advertising. These companies may collect information about your activity across your different devices on our Website and third-party websites and apps (such as web pages you visit and your interaction with our advertising and other communications), and use this information to make predictions about your preferences, develop personalized content, and deliver ads that are more relevant to you on third-party websites. This information may also be used to evaluate our online advertising campaigns.

We use Targeting Cookies to:

• See what pages you are interested in and feed this back to our email tool so we only target customers with information that is relevant to them.
• Provide promotions to you if you have registered an account with us, whether such account is funded or not.
• Provide cross-product promotions to you based on what markets you have viewed or the value of the bets you have placed.
• Provide suggested third parties with information about your visit so that they can present you with adverts that you may be interested in.

Opting Out of Interest-Based Advertising: For more information about interest-based advertising on your desktop or mobile browser and to understand your options, including how you can opt out of receiving interest-based ads from third-party advertising companies participating in the Digital Advertising Alliance of Canada (DAAC) Self-Regulatory Program for Online Interest-Based Advertising, please visit the DAAC website at http://youradchoices.ca/choices.

To learn more about interest-based advertising in mobile apps and to understand your options, including how you can opt out of this type of advertising by third-party advertising companies that participate in the DAAC’s AppChoices tool, please download the version of AppChoices for your device at https://youradchoices.ca/en/appchoices.

Important Notes About Your Opt-Out:

• If you opt out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you will still see ads from us across the internet, but the adverts will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
• Interest-based advertising opt-outs work by saving cookies in your browser that tell the various ad partners that you have opted out. Because cookies are generally browser-specific, your choice will only apply to the web browser from which you opt out. You must opt out from each web browser on which you do not want to see interest-based advertising (and this may involve different devices, if you use more than one).
• If you delete or clear your browser’s cookies, you will need to opt out again.

We recommend that you don't change your cookie settings as it may limit your user experience and the performance of the site.

If you do want to change your cookie settings, you can do this through your browser. Different web browsers may use different ways of controlling cookies, so you'll need to use your browser's help section to find out how to do this or you can visit one of the following browser providers’ sites directly.

• Firefox
• Google Chrome
• Microsoft Internet Explorer (IE)
• Safari

Alternatively, you may wish to visit http://www.allaboutcookies.org/ which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer, as well as more general information about cookies. Please note that, as the allaboutcookies.org website is not owned or operated by us, we are not responsible for any of the content it contains.

To opt out of interest-based advertising, see “Interest-Based Advertising / Targeting Cookies”.

Certain services, including those provided by GeoComply, will make use of your location data. If you use such services, you consent to us and GeoComply transmitting, collecting, maintaining, processing, and using your location data in order to provide and improve location-based services. You may withdraw this consent at any time by turning off the location settings or by notifying us in writing that you would like to withdraw such consent.

You can find more information about cookies at https://en.wikipedia.org/wiki/HTTP_cookie. For a video about cookies visit https://policies.google.com/technologies/cookies.

Any changes to our Privacy Policy shall be posted on this page and any such changes will become effective upon posting the revised Privacy Policy. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, a notice on our Website or other agreed communications channels. If we plan to use your personal information for a new purpose, we will update our Privacy Policy and communicate the changes to you before starting any new processing.

If you have any questions about this Privacy Policy please contact privacy@pinnacle.ca.