Introduction

Your privacy is very important to us. Accordingly, we have developed this policy in order for you to understand how we collect, use, communicate, disclose, and make use of personal information. The following outlines our privacy policy.

Personal Information / What We Collect

may choose to provide personal information (such as your name, address, telephone number, email address) on this website. Below are some ways you may provide information, the types of information you may submit, and descriptions of how we may use the information.

• Contact Us

  If you email us through the “Contact Us” link on this site, we ask you your name, phone number, email address, address, city, state, zip code, and country so we can respond to your questions and comments. You may choose to provide additional information through the comments section as well.

• Questionnaires and Surveys

  We occasionally may ask website visitors to complete online surveys and opinion polls about activities, attitudes, and interests. These surveys help us serve you better and improve the usefulness of our site. In conducting these surveys, we may ask you for your name and email address. We do not keep any personal information about you in connection with your participation in a northernquest.com survey unless you specifically agree to provide that information.

• Non-Personal / Aggregate Information

  We collect certain aggregate and non-personal information when you visit this website. Aggregate and non-personal information does not relate to a single identifiable visitor. It tells us how many users visited our site and the pages accessed. We collect this information either through "cookie" technology or with "web beacons" (as explained below).

• Cookies / Web Beacons

  We use browser cookies and web beacons to improve site functionality, understand usage patterns, and manage advertising. We use login/identifier cookies, session cookies, persistent cookies, and first-party and third-party cookies. Unless you log in, such data is typically anonymized or aggregated. For Google Analytics, please see its opt-out mechanism.

How We Share Information

We do not sell or otherwise disclose personal information about our website visitors except as described here. We may share information you provide with third-party service providers we have retained to perform services on our behalf (e.g. hosting, analytics, marketing, customer support). These service providers are contractually restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements.

In addition, we may disclose information about you:

1. If required by law or legal process;
2. To law enforcement or government officials;
3. When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with investigations of suspected or actual illegal activity;
4. In connection with mergers, acquisitions, or corporate reorganizations, with adequate confidentiality protections.

We also may share anonymized or aggregate data that does not identify any individual.

How We Protect Personal Information

We maintain administrative, technical, and physical safeguards designed to protect against unauthorized disclosure, use, alteration, or destruction of the personal information you provide on this website. We use Secure Socket Layer (SSL)/TLS encryption for web transmissions of sensitive data. Access controls, logging, separation of environments, periodic security testing, and staff training are in place.

We regularly review and update our security practices, policies, and procedures to reflect changes in technology, regulatory requirements, and security threats (see “Compliance & Auditing” section below).

Children’s Privacy

This website is not directed to persons under the age of 18 and we do not knowingly collect personal information from persons under the age of 18 on the site. If we become aware that we have inadvertently received personal information from a visitor under the age of 18, we will delete the information from our records.

Opt Out & Messaging Preferences

How to opt out of marketing communications, including text messages (SMS):

• If you receive promotional or informational text (SMS) messages from us, you can opt out at any time by replying “STOP” (or equivalent command as specified in the text) to that message. After you send a valid opt-out message, we will cease sending further marketing SMS messages to that number, though you may still receive transactional or service-related messages (unless you also opt out of those).
• You may also opt out of email marketing communications via the “unsubscribe” link included in each email.
• For postal or phone marketing, you may send a request to opt out by emailing privacy@northernquest.com (or the designated privacy/contact address) or mailing a written request to Northern Quest's privacy office (see contact info below).
• Please note that opting out of marketing communications does not necessarily mean we will delete your account or all communications (for example, we may still send you non-marketing or legally required messages, such as reservation confirmations, account notices, or privacy policy updates).

We will maintain a suppression list and honor opt outs across all channels consistent with applicable laws.

Mobile Information & Messaging Data

Collection and Use of Mobile Data and Messaging

• We may request your mobile phone number when you enroll in text alerts, make a reservation, sign up for loyalty or membership programs, or opt into special offers.
• We may send you SMS or MMS messages such as appointment reminders, promotional offers, alerts, or service communications (if you opt in or don’t opt out).
• We will store your mobile number, message history (timestamps, content, delivery status), and message metadata in secure systems (with encrypted storage at rest and encryption in transit).
• We will associate your mobile number with your user profile/account (if applicable) for consistency and to avoid duplication.
• Use is limited to the purposes for which you consented (e.g. marketing, transactional, alerts). We do not share your mobile number with third parties for their marketing purposes unless you consent or unless required by law.
• You may withdraw consent or opt out of mobile messaging at any time (see Opt-Out section).
• We retain messaging logs for as long as needed to fulfill operational, legal, and audit requirements, then securely delete or anonymize them in accordance with our retention schedule.

Data Subject Rights / Your Rights

Depending on your jurisdiction and applicable law, you may have certain rights with respect to your personal information. These may include:

1. Right of Access (Right to Know): You may request to access the personal data we hold about you and receive a copy of it (in a commonly used, machine-readable format).
2. Right to Rectification (Correction): You may request correction of inaccurate or incomplete personal data.
3. Right to Erasure / Deletion (“Right to be Forgotten”): You may request deletion of certain personal data, subject to legal or contractual obligations to retain.
4. Right to Restrict Processing: You may ask us to restrict processing of your personal data (e.g. while a dispute is resolved).
5. Right to Object: You may object to certain processing (e.g. direct marketing) or withdraw consent at any time.
6. Right to Data Portability: Where applicable, you may request transfer of your data to a third party (in a structured, commonly used format).
7. Right to Lodge a Complaint: You may lodge a complaint with a relevant data protection/regulatory authority.

To make a request regarding your rights, please contact us at privacy@northernquest.com (or via our designated privacy request portal). We may require identity verification before fulfilling a request. We will respond within the timeframes required by applicable laws (e.g. 30 days, or extended periods if justified).

If we are unable to comply with your request (in whole or in part), we will inform you of the reason and any options available (e.g. appeal).

Data Breach Notification & Response

In the event of a data breach (i.e. unauthorized access, disclosure, alteration, or destruction of personal data), we will act as follows:

1. Containment and assessment — We will promptly investigate, contain the breach, and assess its nature, scope, and risk to individuals.
2. Notification to affected individuals — If the breach is likely to result in a risk to your rights and freedoms, we will notify affected individuals in a timely manner. The notice will include:
   • A description of the breach and the categories of data involved;
   • The likely consequences of the breach;
   • The measures taken or proposed to mitigate harm;
   • Recommendations for what individuals may do to protect themselves;
   • Contact details for further inquiries.
3. Regulatory notification — We will notify the relevant data protection authority/regulator (if required under applicable law) within required.
4. Remediation and mitigation — We will take steps to remediate vulnerabilities, enhance security, and prevent recurrence, such as by patching systems, reviewing access controls, retraining personnel, and conducting further audits.
5. Recordkeeping — We will maintain a record of the breach, our investigation, decisions, and notifications. We will communicate through email, postal mail, or other means as appropriate to reach affected individuals.

International Data Transfers

If we transfer your personal data outside the U.S., we will ensure such transfers are subject to appropriate safeguards. These may include:

• Transfer only to jurisdictions with adequate data protection laws;
• Use of standard contractual clauses approved by relevant authorities;
• Binding corporate rules or internal policies ensuring equivalent protections;
• Encryption or pseudonymization during transit, where feasible;
• Limiting the transferred data to the minimum necessary for the purpose.

We will list the locations or countries to which data may be transferred (if known) and the safeguards in place.

If you would like details about specific transfers or safeguards, please submit a request via privacy@northernquest.com.

Compliance & Auditing

We maintain an internal compliance program designed to ensure adherence to this Privacy Policy, applicable U.S. federal and applicable state privacy laws, and any other applicable jurisdictional requirements. Key elements may include:

• Routine internal audits of data practices, security controls, vendor contract compliance, and access logs.
• Periodic reviews and updates to policies, procedures, and training materials (at least annually or as regulations evolve).
• Appointment of a privacy officer or equivalent role responsible for oversight and reporting.
• Vendor due diligence and requiring contractual commitments to privacy and security (including auditing rights).
• Documented recordkeeping of data processing activities, risk assessments, and compliance reviews.

We reserve the right to engage independent third-party audits or assessments of our privacy and security programs.

Changes to This Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page with the “last modified” date updated.We may also provide additional notice (e.g. via email or in-app messages) if changes are material.

Contact / How to Reach Us

For questions about this policy, or to submit requests under your data subject rights, or to opt out of marketing communications, please contact:

Privacy Department

Email: privacy@northernquest.com
Mailing address: Northern Quest Resort & Casino,
Attn: Privacy Office, 100 North Hayford Road,
Airway Heights, WA 99001
Phone: 509.481.6000 or 877.871.6772

Consent / Acceptance

By using our site or providing us your personal information, you consent to the practices described herein (subject to applicable law).