Privacy Policy
This Privacy Policy outlines how we collect, use, store, and protect your personal information when you access our online gaming platform and services. As operators licensed under New Zealand’s gambling regulations, we are committed to maintaining the highest standards of data protection and privacy in accordance with the Privacy Act 2020 and relevant gaming legislation. This policy applies to all users accessing our services from New Zealand and demonstrates our dedication to responsible gaming practices and transparent data handling procedures.
Information Collection and Data Types
We collect various types of personal information necessary to provide our gaming services, ensure regulatory compliance, and maintain a secure gaming environment. The collection of this information is essential for account verification, age confirmation, and adherence to New Zealand’s anti-money laundering requirements. Our data collection practices align with the Department of Internal Affairs guidelines and the Gambling Commission’s regulatory framework.
| Data Category | Information Type | Collection Method | Purpose |
|---|---|---|---|
| Personal Identification | Full name, date of birth, address, phone number | Registration form, verification documents | Account creation, age verification, compliance |
| Financial Information | Payment methods, transaction history, banking details | Payment processing, deposit/withdrawal records | Financial transactions, fraud prevention |
| Gaming Data | Game preferences, betting patterns, session duration | Platform interaction, gaming activity logs | Service optimization, responsible gaming monitoring |
| Technical Data | IP address, device information, browser type | Automated collection through cookies and analytics | Security, platform functionality, user experience |
We implement strict data minimization principles, collecting only information that is necessary for our legitimate business operations and regulatory obligations. All personal information is collected through secure channels using industry-standard encryption protocols. Users are informed at the point of collection about the specific purposes for which their data will be used, ensuring transparency in our data processing activities.
Purpose and Legal Basis for Processing
Our data processing activities are conducted under specific legal bases as defined by New Zealand privacy legislation and international data protection standards. We process personal information to fulfill our contractual obligations, comply with legal requirements, protect legitimate interests, and ensure the safety and security of our gaming platform. The primary purposes for data processing include account management, payment processing, regulatory compliance, fraud prevention, and customer support services.
Under New Zealand’s Privacy Act 2020, we maintain lawful bases for processing personal information, including performance of contracts, compliance with legal obligations, and pursuit of legitimate interests. Our legitimate interests include maintaining platform security, preventing fraudulent activities, improving user experience, and ensuring responsible gaming practices. We conduct regular assessments to ensure our processing activities remain proportionate and necessary for achieving these objectives.
- Account registration and management services
- Processing deposits, withdrawals, and gaming transactions
- Compliance with anti-money laundering and Know Your Customer requirements
- Age verification and responsible gaming monitoring
- Customer support and dispute resolution
- Marketing communications with appropriate consent
- Platform security and fraud prevention measures
- Regulatory reporting and audit compliance
We ensure that all processing activities are conducted fairly, transparently, and in accordance with the privacy principles established under New Zealand law. Personal information is used only for the specified purposes communicated at the time of collection, and we do not engage in secondary use without appropriate legal basis or user consent.
Data Sharing and Third-Party Disclosure
We maintain strict controls over the sharing and disclosure of personal information, ensuring that any third-party access is conducted under appropriate legal frameworks and contractual protections. Data sharing occurs only when necessary for service delivery, regulatory compliance, or legitimate business operations. All third-party processors are required to maintain equivalent levels of data protection and are bound by comprehensive data processing agreements.
In accordance with New Zealand’s regulatory requirements, we may disclose personal information to authorized government agencies, including the Department of Internal Affairs, New Zealand Police, and the Financial Intelligence Unit when required by law or for the prevention of criminal activities. Such disclosures are conducted following strict protocols and only to the extent necessary to fulfill our legal obligations.
Third-party service providers who may have access to personal information include payment processors, identity verification services, customer support platforms, and technical infrastructure providers. These partners are carefully selected based on their security standards, data protection practices, and compliance with relevant privacy regulations. We conduct due diligence assessments and maintain ongoing monitoring of third-party data handling practices.
- Licensed payment processors for financial transactions
- Identity verification services for compliance purposes
- Cloud storage providers with robust security measures
- Customer support platforms for service delivery
- Analytics providers for platform optimization
- Legal and professional advisors when required
- Regulatory authorities as mandated by law
We do not sell, rent, or trade personal information to third parties for marketing purposes without explicit consent. Any marketing partnerships or promotional activities involving data sharing are conducted under strict privacy controls and with appropriate user consent mechanisms.
Data Security and Protection Measures
We implement comprehensive security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security framework incorporates industry-leading technologies, rigorous access controls, and continuous monitoring systems to ensure the integrity and confidentiality of user data. All security measures are regularly reviewed and updated to address emerging threats and maintain compliance with evolving regulatory requirements.
Technical security measures include advanced encryption protocols for data transmission and storage, multi-factor authentication systems, secure server infrastructure, and regular security assessments. We employ SSL/TLS encryption for all data communications, AES-256 encryption for stored data, and implement network segmentation to isolate sensitive information. Our systems undergo regular penetration testing and vulnerability assessments conducted by certified security professionals.
Administrative security controls include comprehensive staff training programs, strict access management policies, background checks for personnel with data access, and incident response procedures. All employees with access to personal information are bound by confidentiality agreements and receive regular training on privacy and security best practices. We maintain detailed access logs and conduct regular audits of data access activities.
- End-to-end encryption for all data transmissions
- Secure data centers with physical access controls
- Regular security audits and penetration testing
- Automated intrusion detection and monitoring systems
- Backup and disaster recovery procedures
- Staff training on privacy and security protocols
- Incident response and breach notification procedures
- Regular updates and patches to security systems
In the event of a data breach, we maintain comprehensive incident response procedures that include immediate containment measures, impact assessment, user notification protocols, and regulatory reporting requirements. We are committed to transparent communication about any security incidents that may affect user privacy and will provide timely updates throughout the resolution process.
User Rights and Data Control
Under New Zealand’s Privacy Act 2020, users have fundamental rights regarding their personal information, including the right to access, correct, and request deletion of their data. We provide comprehensive mechanisms for users to exercise these rights and maintain control over their personal information. Our commitment to user privacy includes transparent processes for data access requests, correction procedures, and account management options.
Users have the right to request access to all personal information we hold about them, including details about how the information is used, who it is shared with, and the legal basis for processing. We provide access to personal information in a clear and understandable format, typically within 20 working days of receiving a valid request. Users can access much of their personal information directly through their account dashboard, including profile details, transaction history, and communication preferences.
The right to correction allows users to request updates to inaccurate or incomplete personal information. We maintain procedures for verifying and processing correction requests, ensuring that updated information is accurately reflected across all relevant systems. Users can make corrections to certain information directly through their account settings, while other changes may require additional verification procedures to maintain account security.
- Access to personal information and processing details
- Correction of inaccurate or incomplete data
- Deletion of personal information where legally permissible
- Objection to certain types of data processing
- Withdrawal of consent for marketing communications
- Data portability for certain types of information
- Complaint procedures and dispute resolution
- Account closure and data retention options
We recognize that certain limitations may apply to user rights, particularly regarding information required for regulatory compliance, fraud prevention, or legitimate business interests. In such cases, we provide clear explanations of any limitations and work with users to address their concerns within the bounds of legal and regulatory requirements.
Data Retention and Disposal
We maintain clear data retention policies that balance user privacy rights with regulatory requirements and legitimate business needs. Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our retention periods are based on New Zealand legal requirements, industry standards, and the nature of the information collected.
For active user accounts, personal information is retained throughout the account relationship and for specified periods following account closure. Financial transaction records are maintained for seven years in accordance with New Zealand’s anti-money laundering legislation and tax requirements. Identity verification documents are retained for the periods specified under relevant regulatory frameworks, typically five years following account closure.
We implement automated data retention management systems that identify information eligible for deletion and ensure secure disposal of data that has exceeded its retention period. Personal information is securely deleted using industry-standard data destruction methods, including cryptographic erasure for encrypted data and physical destruction of storage media where applicable.
- Active account information retained during account relationship
- Financial records maintained for seven years post-closure
- Identity verification documents retained for five years
- Marketing communications data retained until consent withdrawal
- Security logs maintained for two years
- Customer support records retained for three years
- Automated deletion procedures for expired data
- Secure disposal methods for all deleted information
Users may request early deletion of certain types of personal information, subject to legal and regulatory requirements. We assess each deletion request individually and provide explanations where information must be retained for compliance purposes. Our data retention schedules are regularly reviewed to ensure they remain appropriate and compliant with evolving legal requirements.
This Privacy Policy was last updated on January 28, 2026, and reflects current privacy practices and regulatory requirements. We reserve the right to modify this policy to address changes in legal requirements, business practices, or service offerings. Users will be notified of significant changes through appropriate communication channels, including email notifications and website announcements. Continued use of our services following policy updates constitutes acceptance of the revised terms. For questions or concerns about this Privacy Policy or our data handling practices, users may contact our privacy team through the designated support channels provided on our platform.