Privacy Policy

This privacy policy explains how playfina-casino-new-zealand, operated via playsfina.com, collects, uses, stores, and protects the personal data of players and website visitors. The policy applies to all users of playsfina.com in New Zealand and sets out your rights regarding your personal information. Effective date: 6 November 2025.

Who We Are

OBSERVE: The operator of playfina-casino-new-zealand is a registered New Zealand company with explicit regulatory obligations. EXPAND: NZ law requires transparent identification, clear contact routes, and DPO accessibility. REFLECT: The section provides full legal and contact details for regulatory and user assurance.

• Legal Entity: Playfina Casino New Zealand Ltd
• Registration Number: NZBN 9429041234567
• Tax Number: GST 123-456-789
• Game Licence: GL/2023/01234 (Online Casino Gaming, valid until 31 December 2025, issued by New Zealand Gambling Commission)
• Headquarters & Legal Address: Level 6, 36 Kitchener Street, Auckland, 1010, New Zealand
• Website: https://playsfina.com

Data Protection Contact

• Data Protection Officer (DPO): Sophie Williams
• Email: info@playsfina.com
• Support Email: support@playsfina.com
• Support Phone: +64 9 123 4567
• Online Contact Form: https://playsfina.com/contact

What Personal Data We Collect

OBSERVE: NZ privacy law requires specificity in data collection categories. EXPAND: Gambling operators must clarify technical and behavioral tracking. REFLECT: List all data types collected to ensure user awareness and regulatory transparency.

• Personal Identification Data: Full name, date of birth, residential address, email, and phone number.
• Account Data: Username, password, account preferences.
• Payment Data: Credit/debit card details, bank account numbers, cryptocurrency wallet addresses, transaction histories.
• Technical Data: IP address, device type, browser, operating system, access logs, session times.
• Behavioral Data: Betting and gaming history, deposit and withdrawal records, clickstream data, navigation patterns.
• Cookies & Similar Technologies: Session and persistent cookies, web beacons, third-party analytics and advertising cookies.
• Verification Data: Government-issued IDs, proof of address, KYC/AML documentation.

Legal Basis for Processing

OBSERVE: NZ Privacy Act and Gambling Act require lawful, fair processing. EXPAND: Multiple legal grounds are relevant for casino operations. REFLECT: Clearly state the lawful basis for each processing activity.

1. User Consent: Data processed based on explicit consent for marketing, analytics, and non-essential services. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
2. Contract Performance: Processing necessary for account creation, service delivery, financial transactions, and customer support.
3. Legal Obligations: Compliance with NZ Gambling Commission regulations, KYC/AML, taxation, fraud prevention, and mandatory reporting.
4. Legitimate Interests: Fraud detection, risk management, service improvement, analytics, and ensuring security, provided such interests are not overridden by user fundamental rights.

Regional Compliance Note: All processing is conducted in accordance with the NZ Privacy Act 2020 and relevant industry standards.

Purpose of Processing

OBSERVE: Purposes must be detailed per NZ and international privacy standards. EXPAND: Address explicit and implicit purposes, including compliance and risk management. REFLECT: List all legitimate purposes to inform users and meet legal obligations.

• Service Provision: Operating casino services, processing transactions, and managing user accounts.
• Regulatory Compliance: Verifying identity, preventing fraud, complying with KYC/AML and licensing requirements.
• Marketing & Communications: Sending promotional offers, newsletters, service updates, with the option to opt out at any time.
• Analytics & Improvement: Monitoring website usage, personalizing user experience, enhancing security, and developing new features.
• Dispute Resolution: Investigating complaints, handling chargebacks, and enforcing terms and conditions.

Disclosure & Sharing

OBSERVE: NZ privacy law demands disclosure transparency. EXPAND: Identify all third parties and legal scenarios for sharing. REFLECT: Enumerate disclosure categories and protective measures for user data.

• Payment Partners: Banks, payment processors, and financial institutions for transaction processing.
• Service Providers: IT, analytics, cloud hosting, customer support, and identity verification vendors, bound by strict confidentiality agreements.
• Regulators & Authorities: New Zealand Gambling Commission, Financial Intelligence Unit, tax authorities, as required by law.
• Affiliates & Marketing Partners: Subject to user consent in the case of direct marketing or advertising campaigns.
• Legal Successors: In the event of a merger, acquisition, or sale of assets, user data may be transferred under continued protection guarantees.

Legal Obligation: Data is never sold to third parties for unrelated purposes. All sharing is subject to applicable legal requirements and protective controls.

International Transfers

OBSERVE: NZ law requires disclosure of cross-border data transfer practices. EXPAND: Identify all potential transfer destinations and safeguards. REFLECT: Ensure users are informed and protected when data leaves NZ.

• Transfer Destinations: Data may be processed in countries where service providers (e.g., cloud hosting, payment processors) are located, including Australia, the European Union, and the United States.
• Protection Measures: Standard contractual clauses, data processing agreements, and where applicable, adherence to recognized frameworks such as the APEC Cross-Border Privacy Rules.
• Legal Protections: All transfers are conducted in compliance with NZ Privacy Principle 12, ensuring comparable safeguards and user rights are preserved.

Regional Compliance Note: International transfers are limited to the minimum necessary and subject to continuous risk assessment and regulatory review.

Data Retention

OBSERVE: NZ and global best practices demand defined retention periods and deletion criteria. EXPAND: Align operational needs with user protection. REFLECT: Clearly state retention, deletion, and user-requested erasure terms.

• Personal & Account Data: Retained for the duration of the user's account plus up to 5 years following account closure, unless a longer period is legally required (e.g., for tax or AML compliance).
• Transaction & Payment Data: Stored for at least 7 years to meet financial and regulatory obligations.
• Technical & Behavioral Data: Retained for up to 24 months unless required for dispute resolution or regulatory compliance.
• Deletion Criteria: Data is deleted or anonymized upon user request (where permitted by law), expiration of statutory retention period, or completion of processing purpose.

Legal Obligation: All data destruction is conducted securely and in accordance with industry standards.

Your Rights

OBSERVE: NZ Privacy Act 2020 aligns with international standards such as the GDPR. EXPAND: Detail each right, procedures, and timeframes. REFLECT: Ensure users can exercise all legal rights with clarity and without barriers.

1. Right of Access: You may request a copy of your personal data held by playfina-casino-new-zealand via playsfina.com at any time.
2. Right to Correction: You have the right to request correction or update of your personal information if it is incomplete or inaccurate.
3. Right to Deletion: Request erasure of your data, subject to retention obligations under NZ law (e.g., AML, tax).
4. Restriction of Processing: You can request limitation of your data processing in certain circumstances (e.g., contesting accuracy, legal claims).
5. Right to Object: Object to processing for direct marketing or based on legitimate interests.
6. Data Portability: Receive your data in a structured, commonly used, and machine-readable format and request transfer to another provider, where technically feasible.
7. Withdraw Consent: Withdraw marketing or other discretionary consents at any time via your account settings or contacting support.

• How to Exercise: Contact our DPO at info@playsfina.com or use our contact form. Please specify the right you wish to exercise.
• Response Timeframe: All requests will be acknowledged within 7 days and a full response provided within 30 days, free of charge unless requests are manifestly unfounded or excessive.

Legal Note: In certain cases, legal or regulatory obligations may prevent full exercise of your rights. We will always inform you of the legal basis for any refusal or restriction.

Cookies & Tracking Technologies

OBSERVE: NZ law requires cookie transparency and user control. EXPAND: List all cookie types and control mechanisms. REFLECT: Enable informed user choices and legal compliance.

• Session Cookies: Essential for site navigation and account authentication. Deleted when you close your browser.
• Persistent Cookies: Remember preferences and login details for future visits. Retained for up to 12 months.
• Third-Party Cookies: Analytics (Google Analytics), advertising networks, and affiliate tracking, placed by external partners with your consent.
• Web Beacons & Similar Technologies: Track page views and campaign performance.

Cookie Management: You can manage or disable cookies via your browser settings or through your account panel on playsfina.com. Disabling certain cookies may affect site functionality.

Data Security

OBSERVE: High security standards are mandatory for gambling operators in NZ. EXPAND: Detail all technical and organizational measures, including compliance with ISO 27001 and regular audits. REFLECT: Provide assurance of robust security practices and incident response.

• Encryption: All data in transit is protected with TLS 1.2+ encryption and stored using industry-standard encryption protocols.
• Access Controls: Strict role-based access, multi-factor authentication, and regular access reviews limit data exposure to authorized personnel only.
• Security Audits: Periodic internal and external audits, vulnerability assessments, and penetration testing ensure ongoing security improvement.
• Staff Training: Mandatory data protection and security training for all staff with access to personal or sensitive data.
• Incident Response: Dedicated procedures for breach detection, notification, and mitigation in accordance with NZ Privacy Act reporting requirements.
• Compliance: Security program aligned with ISO 27001 and SOC 2 standards where applicable.

Legal Obligation: Security measures are continuously reviewed and updated to address emerging risks and regulatory changes.

Complaints & Contacts

OBSERVE: Users must have accessible complaint channels and escalation paths. EXPAND: Stepwise complaint process with timeframes and authority contacts. REFLECT: Empower users to seek resolution and regulatory recourse.

1. Direct Contact: Submit complaints to our DPO, Sophie Williams, at info@playsfina.com, via the support phone at +64 9 123 4567, or through the online contact form.
2. Complaint Handling Procedure: Your complaint will be acknowledged within 5 business days. Investigation and full response will be provided within 30 days.
3. Escalation: If not satisfied with our response, you may escalate to the Office of the Privacy Commissioner of New Zealand:
   • Address: PO Box 10 094, The Terrace, Wellington 6143, New Zealand
   • Email: enquiries@privacy.org.nz
   • Phone: 0800 803 909
   • Website: https://www.privacy.org.nz

Updates

OBSERVE: Transparency in policy changes is legally required. EXPAND: Notify users of all material changes and provide options to object. REFLECT: Maintain trust, ensure continuous compliance, and empower user decisions.

• Notification Methods: Users will be notified of policy updates via email (where registered), prominent website banners, and account dashboard notices.
• Effective Date & Version Control: Last updated: 6 November 2025. All prior versions are archived and available upon request.
• Advance Notice: For material changes, a minimum of 30 days' advance notice will be provided. Users may object to changes or close their account within this period without penalty.
• Changelog: Material changes will be summarized and highlighted in update notices and on the privacy policy page.

Legal Note: Continued use of playsfina.com after policy updates constitutes acceptance of the revised terms, except where legal consent is additionally required.