SideQuest Video Game Lounge — Privacy Policy (Canada)

Effective date: March 5, 2026

SideQuest Video Game Lounge (“SideQuest”, “we”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, safeguard, and retain personal information in the course of our commercial activities in Canada, consistent with PIPEDA and other applicable Canadian privacy laws. PIPEDA is built around 10 fair information principles (including accountability, consent, limiting collection, safeguards, access, and challenging compliance).

1) What is “personal information”?

“Personal information” means information about an identifiable individual. This can include contact details, account information, transaction history, identifiers, preferences, and other information that can identify you on its own or when combined with other data.

2) Who this policy applies to

This policy applies to personal information we handle:

• In-lounge (walk-ins, memberships, tournaments, purchases)
• Online (our website, booking pages, online forms)
• Communications (email, SMS, social channels where applicable)

3) What we collect

We only collect what we reasonably need for identified purposes.

1. Identity & contact information

• Name, email, phone number
• Date of birth / age confirmation when required (e.g., age-restricted events, eligibility for certain services)

1. Membership, reservations, and customer support

• Membership details (e.g., handle/username, preferences you choose to share)
• Reservation details (date/time, party size, station preference)
• Support communications and issue history

1. Transaction and payment information

• Items purchased and amounts, receipts, refunds
• Payment data is typically processed by our payment providers; we do not need or want to store full card numbers. (Your payment provider may collect and process payment information directly.)

1. Marketing preferences

• Email/SMS opt-in status, communication preferences, and message interactions (e.g., whether a message was opened or clicked, depending on the platform)

1. Device, network, and website data

• IP address, device/browser info, cookies and similar technologies, pages viewed, approximate location inferred from IP
• If we offer guest Wi-Fi: basic network logs (device identifiers, session times) for security and network management

1. Video surveillance (CCTV)

• If used on-site for safety, theft prevention, and incident investigation, we may collect video footage in public areas of the venue.

4) Why we collect and how we use personal information (Identifying purposes)

We use personal information for the following purposes:

• Provide services (bookings, play sessions, tournaments, membership benefits)
• Process transactions (sales, refunds, fraud prevention, chargeback handling)
• Customer support (responding to requests, troubleshooting, lost-and-found claims tied to a booking)
• Safety and security (site security, incident response; CCTV where applicable)
• Business operations (analytics, service improvement, training, inventory and capacity planning)
• Marketing communications (only where permitted and based on your consent or another lawful basis)

Under PIPEDA, we identify purposes at or before collection, and document those purposes.

5) Consent (including marketing)

We obtain meaningful consent for the collection, use, and disclosure of personal information, and we provide information in a way that helps you understand what you’re agreeing to.

Marketing (email/SMS):

• We send promotional messages only where permitted under Canada’s Anti-Spam Legislation (CASL)—typically with express opt-in consent.
• Every marketing message will include an unsubscribe method, and unsubscribe requests must be processed within required timelines (generally within 10 business days).

You can withdraw consent at any time (subject to legal or contractual restrictions). Withdrawing consent may limit our ability to provide certain services (for example, we can’t send booking confirmations without a way to contact you).

6) Limiting collection

We collect only information that is reasonably necessary for the purposes described above, using fair and lawful means (for example, we do not collect sensitive identifiers unless needed for a specific purpose such as age verification for an event).

7) When we share personal information (Limiting disclosure)

We do not sell your personal information.

We may share personal information with:

• Service providers who help us run our business (payment processing, booking systems, email/SMS platforms, IT hosting, analytics). They are authorized to use personal information only as necessary to provide services to us and are expected to protect it.
• Legal and safety disclosures where required or permitted by law (e.g., complying with a court order, lawful request, or to protect rights, safety, and security).

If service providers process data outside Canada, your information may be subject to the laws of those jurisdictions.

8) Retention (Limiting retention)

We keep personal information only as long as necessary for the purposes described, including:

• to provide services you requested,
• to meet legal, tax, or accounting obligations,
• to resolve disputes and enforce agreements.

When information is no longer required, we securely destroy, delete, or anonymize it.

9) Accuracy

We take reasonable steps to keep personal information accurate, complete, and up to date for the purposes it is used. You can help by requesting corrections (see “Your access and correction rights”).

10) Safeguards

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, such as:

• access controls and least-privilege permissions
• strong authentication for staff systems where feasible
• encryption in transit (and at rest where appropriate)
• security monitoring and vendor due diligence
• secure storage practices for any paper records (if used)

11) Privacy breaches (including required notifications)

If we experience a breach of security safeguards involving personal information, we will assess the risk and comply with PIPEDA breach obligations, including reporting to the Privacy Commissioner of Canada and notifying affected individuals where there is a real risk of significant harm, and keeping required breach records.

12) Cookies and online analytics

Our website may use cookies and similar technologies to:

• remember preferences,
• understand traffic and usage,
• improve site performance and marketing effectiveness.

You can control cookies through your browser settings and, where available, our cookie controls. Disabling cookies may affect site functionality.

13) Children and youth

SideQuest services may be used by minors where permitted. We encourage parents/guardians to supervise online activity. Where we knowingly collect personal information from a minor for a specific purpose (e.g., a youth league registration), we limit collection to what’s necessary and use appropriate consent practices.

14) Your rights: access and correction (Individual access)

You can request access to the personal information we hold about you and request corrections if it is inaccurate or incomplete. We will respond within a reasonable timeframe and in accordance with applicable law. Certain information may be withheld where permitted (for example, information that would reveal personal information about another individual, or information subject to legal privilege or an active investigation).

15) Questions, concerns, and challenging compliance

If you have questions, requests, or complaints about this policy or our privacy practices, contact us:

Privacy Contact (SideQuest Video Game Lounge)
Email: system@sidequestmiramichi.ca
Mail: SideQuest, 130 Newcastle Blvd, Miramichi NB, E1V 2L7

If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada.

16) Updates to this policy

We may update this Privacy Policy from time to time. We will post the current version on our website and update the “Effective date” above.