Canad Corporation of Manitoba Ltd. (“Canad”)
Last updated: February 11, 2026
1) Our Commitment to Privacy
Canad respects your privacy and is committed to protecting personal information (“Personal Information”) we collect, use, retain, and disclose in the course of our hospitality, dining, entertainment, event, loyalty, and foundation activities. We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable regulations.
PIPEDA’s 10 fair information principles—Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use/Disclosure/Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance—guide our practices.
This Policy does not apply to Personal Information collected about our employees except where PIPEDA applies to federally regulated workplaces; employee privacy may be governed by other laws.
Who This Policy Covers
This Policy applies to our hotels, restaurants, clubs, event venues, gaming lounges, loyalty programs, and the Canad Inns Foundation’s donor activities. PIPEDA generally governs private‑sector organizations in Manitoba (which does not currently have a substantially similar private‑sector law in force), while provincial equivalents in AB/BC/QC may apply to activities solely within those provinces. Cross‑border and interprovincial transfers remain subject to PIPEDA.
2) What We Collect & Why (Identifying Purposes)
- We collect Personal Information only for purposes a reasonable person would consider appropriate.
- Hospitality, Dining, and Entertainment
- Identify and serve guests; manage reservations, check‑ins, stays, dining, ticketing, and events.
- Host banquets/conferences and deliver associated services.
- Provide gaming lounge access consistent with legal requirements.
- Maintain accounting records; assess service quality and business performance.
- Ensure a safe and secure environment; prevent fraud and cooperate with lawful investigations.
Age & ID Verification (Liquor‑licensed premises and gaming lounges)
Verify legal age and identity (e.g., driver’s license, passport, status card) to comply with applicable liquor and safety laws and to safeguard our premises.
Loyalty & VIP Access
Enrol, authenticate, and administer loyalty programs; prevent unauthorized point redemption; manage VIP reservations and access.
Marketing & Communications
Send information about events, offers, and community initiatives. We comply with CASL (Canada’s Anti‑Spam Legislation), including consent, identification, and unsubscribe mechanisms.
Donations & Foundation (including e‑transfers)
Process donations (cash, cheque, e‑transfer), issue charitable tax receipts, maintain donor records, and communicate with donors (including memorial donations in honour of our founder).
Safety & Security
Master Barring List: Maintain a list of individuals barred due to serious safety/security incidents (name, DOB, incident details, location, barring expiry). Used solely to prevent entry to our premises; information is removed at expiry.
Video Surveillance: Monitor select areas to deter and investigate violations of criminal/civil laws, protect patrons and staff, and meet regulatory obligations. Access is limited to authorized personnel and regulators.
Photography/Publicity: With written consent, we may photograph winners or use images for publicity/advertising; we post signage when performances are recorded.
Online Operations, Websites, and Apps
Cookies & Analytics: We use necessary cookies for site functionality and may use analytics/advertising technologies to understand usage and improve services. Canadian guidance treats certain cookie‑derived data as Personal Information and requires meaningful consent (often implied for non‑sensitive analytics within reasonable expectations; explicit opt‑in may be required for targeted advertising or profiles). We honour preference signals where feasible.
Cross‑Border Processing
We may transfer Personal Information to service providers outside Canada (e.g., cloud, payment, email platforms). We remain accountable, require comparable protections by contract, and provide transparency about potential foreign access.
3) Lawful Basis & Consent
We obtain knowledgeable, meaningful consent for collection, use, and disclosure, except where inappropriate (e.g., legal/regulatory requirements; fraud prevention; emergencies). Consent may be express (opt‑in) or implied, depending on sensitivity, context, and reasonable expectations. Individuals can withdraw consent subject to legal/contractual limitations.
CASL (Commercial Electronic Messages)
For promotional emails/SMS, we obtain express consent or rely on implied consent within CASL’s strict timeframes (e.g., existing business/donation relationships). All messages include identification and an easy, effective unsubscribe implemented within 10 business days. Charities may have limited exemptions when the primary purpose is fundraising, but CASL still requires identification and unsubscribe.
Cookies/Online Tracking
We use layered notices and controls. For non‑essential cookies (e.g., advertising, behavioral tracking), we seek consent aligned with OPC guidance; we avoid tracking on child‑directed sites.
4) Limiting Collection, Use, Disclosure & Retention
We collect only what is needed for identified purposes; use/disclose only for those purposes (or as permitted by law); and retain Personal Information only as long as necessary to fulfill those purposes and legal obligations (e.g., tax, audit, gaming/liquor compliance).
Disclosures to Third Parties
We limit disclosures to service providers (IT hosting, payment processors, marketing platforms, ticketing) under contracts requiring privacy, security, and use limitations. We may disclose when required or permitted by law (e.g., warrants, court orders, regulatory investigations, safety threats).
5) Accuracy
We take reasonable steps to keep Personal Information accurate, complete, and up‑to‑date for its intended use. Please notify us of changes to your information.
6) Safeguards (Security)
We protect Personal Information with administrative, technical, and physical safeguards proportionate to sensitivity. Access is limited to authorized personnel trained on privacy. Systems are password‑protected; transmissions use encryption; and we monitor for unusual activity.
Interac e‑Transfer (Donations)
Interac e‑Transfer messages are notifications; funds move through secure banking rails. Enable Autodeposit to reduce password risks. Use strong security questions where applicable and multi‑factor authentication on accounts.
Research highlights the importance of minimizing sensitive details in email/SMS notifications to prevent redirection attacks; we configure notices and educate donors accordingly.
7) Breach of Security Safeguards
If a breach creates a real risk of significant harm, we will document, assess, and notify affected individuals and report to the federal Privacy Commissioner as required by PIPEDA regulations. We also maintain records of all breaches.
8) Openness & Transparency
We provide clear information about our policies and practices, including cross‑border transfers and the role of service providers, consistent with PIPEDA’s accountability and openness principles.
9) Individual Access & Correction
You may request access to Personal Information we hold and seek corrections. We may require written requests and identity verification to protect privacy. If we refuse access (e.g., legal privilege, safety concerns), we will provide reasons as permitted by law.
Consent Withdrawal
You may withdraw consent for certain processing, subject to legal/contractual restrictions and reasonable notice (e.g., withdrawal may limit our ability to provide services or issue receipts).
Marketing Opt‑Out (CASL)
You can unsubscribe at any time; we honour requests within 10 business days.
Cookies/Tracking Choices
You may adjust browser settings, use our preference tools, or opt‑out mechanisms for advertising/analytics. We strive to honour global privacy signals where feasible.
10) Special Programs & Situations
Master Barring List
Managed by Canad’s Vice President of Security, Safety and Loss Prevention (or designate). Individuals may contact a manager or the VPSS to inquire, request removal, or reduction of barring periods; decisions are communicated. Records are removed at expiry.
Photography & Publicity
We obtain written consent for promotional images and post notices for performance recording; draw/jackpot winners may be photographed with consent.
Video Surveillance
Footage is accessed only by authorized security personnel, executives, or regulators in secure environments and used for safety, compliance, and legal purposes.
11) Cross‑Border Data Transfers
When we use service providers outside Canada, we remain accountable under PIPEDA and ensure comparable protection through contracts, technical safeguards, and oversight. We inform individuals that their data may be processed abroad and could be accessed by foreign authorities under lawful process.
12) Children & Sensitive Data
We do not knowingly collect Personal Information from minors for marketing; we employ strict age verification for licensed premises. We treat health, financial, precise location, and detailed behavioral profiles as sensitive, requiring heightened consent/safeguards.
13) Updates to This Privacy Policy
We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be posted on our website with the effective date. We will not use previously collected Personal Information for new incompatible purposes without obtaining consent.
14) Contact Us (Privacy Requests & Complaints)
Write to:
Corporate Privacy Officer
Canad Corporation of Manitoba Ltd.
3rd Floor – 930 Jefferson Avenue
Winnipeg, Manitoba R2P 1W1
Telephone: 1 (204) 697‑1495
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) to file a complaint.
15) CASL Compliance (Commercial Electronic Messages)
We maintain records of consent (express/implied) and unsubscribe requests; identify ourselves in each message; and provide a working unsubscribe that remains valid for 60 days and is processed within 10 business days. Donors to the Foundation may constitute an existing non‑business relationship for implied consent within CASL’s time limits, but we often seek express opt‑in.
16) Cookies & Online Tracking (Detailed)
Necessary cookies: Provide site functionality and security.
Analytics cookies: Help us measure and improve services (consent may be implied when non‑sensitive and reasonably expected).
Advertising/behavioral cookies: We seek clear consent and provide opt‑out controls; we avoid tracking on child‑directed sites.
For Quebec users, stricter consent standards under provincial law may apply (opt‑in for non‑essential cookies).
17) Security Tips for Donors Using E‑Transfer
Enable Autodeposit; avoid including sensitive details in the message field; use strong unique security answers if required; and contact your financial institution or Canad if you suspect fraud. Be aware of harassment risks via message fields; use financial institution and Interac settings (e.g., Autodeposit, communication preferences) to limit abuse.