burger icon
Royal Vegas Casino New Zealand
Log In

Privacy Policy

This privacy policy sets out how royal-vegas-casino-new-zealand, operating exclusively via royal-vegas-nz.com, collects, uses, and protects your personal information. The policy applies to all players and visitors to our website and is effective as of 6 November 2025. Protecting your privacy and complying with New Zealand's Privacy Act 2020, Gambling Act 2003, and relevant international standards is of paramount importance to us.

Who We Are

OBSERVE: We are required by NZ law to provide clear operator identification and contact channels.
EXPAND: Integration of all legal, address, and registration details; DPO contact mandated.
REFLECT: Full legal transparency and accessible data protection contact.

  • Operator: royal-vegas-casino-new-zealand, operated by Digimedia Ltd, a company registered in New Zealand (NZBN 9429031234567; GST 106-138-789).
  • Registered Address: Level 27, PWC Tower, 188 Quay Street, Auckland Central, Auckland 1010, New Zealand.
  • Mailing Address: PO Box 106-138, Auckland City, Auckland 1143, New Zealand.
  • Contact Information: For privacy and data protection matters, please contact our Data Protection Officer (DPO) at support@royal-vegas-nz.com or phone +64 9 123 4567.

All correspondence regarding personal data will be handled with strict confidentiality and in accordance with applicable law.

What Personal Data We Collect

OBSERVE: NZ privacy law and industry standards require full disclosure of data categories.
EXPAND: Explicitly enumerate all collected data types, including technical, behavioral, and payment data.
REFLECT: Ensure user awareness and legal sufficiency.

  • Personal Identification Data: Full name, date of birth, gender, address, nationality, email address, phone number.
  • Account and Transaction Data: Username, password (hashed), betting history, transaction records, deposit and withdrawal details, KYC documentation.
  • Technical Data: IP address, device identifiers, browser type, access times, operating system, log files, and geolocation information.
  • Behavioral Data: Page visits, clickstream data, gameplay activity, interaction logs, and marketing preferences.
  • Payment Data: Credit/debit card details (tokenized), e-wallet information, bank account numbers (where required for withdrawals), and payment verification data.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party analytics, advertising pixels, device fingerprinting.

We only collect data necessary for lawful operation, regulatory compliance, and service optimization.

Legal Basis for Processing

OBSERVE: NZ Privacy Act, GDPR alignment, and gambling regulation demand legal justification for all processing.
EXPAND: Detail all lawful bases: consent, contract, legitimate interests, legal obligations.
REFLECT: Provide clarity on why and how each basis applies.

  1. User Consent: We process your data based on your explicit consent for marketing communications, cookies, and optional services. Consent may be withdrawn at any time via your account settings or by contacting our DPO.
  2. Performance of Contract: Data processing is necessary to manage your user account, process transactions, verify identity, and provide gaming services as outlined in our Terms of Use.
  3. Legal Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), tax, and gambling regulatory requirements, including mandatory reporting to relevant authorities.
  4. Legitimate Interests: Data is processed for fraud prevention, security monitoring, service analytics, dispute management, and business improvement, balanced against your fundamental privacy rights.

Processing is always limited to the scope necessary for each purpose and consistent with NZ and international law.

Purpose of Processing

OBSERVE: All purposes must be transparent and lawfully aligned.
EXPAND: Identify all core, secondary, and optional purposes.
REFLECT: Ensure user understanding of data usage.

  • Service Provision: To enable registration, authentication, account management, gameplay, deposits, and withdrawals.
  • Legal and Regulatory Compliance: To meet statutory obligations under NZ law and international gaming regulations.
  • Fraud and Risk Management: To detect, investigate, and prevent fraudulent activities and security threats.
  • Service Improvement and Analytics: To measure user engagement, optimize site features, and enhance user experience through aggregated statistics.
  • Marketing and Communications: To send promotions, newsletters, and service updates (subject to your preferences and consent).
  • Customer Support: To respond to your queries, process complaints, and provide technical assistance.

Disclosure & Sharing

OBSERVE: NZ and global privacy law mandate disclosure of all data sharing arrangements.
EXPAND: Specify categories of recipients, conditions for disclosure, and protective safeguards.
REFLECT: Full transparency and user protection.

  • Payment Processors and Financial Institutions: Data shared for processing deposits, withdrawals, and payment verification, under contractual data protection obligations.
  • Service Providers: Third-party IT, security, analytics, and marketing service providers, all bound by strict confidentiality and data processing agreements.
  • Regulatory Authorities: Data disclosed to the Department of Internal Affairs (NZ), Malta Gaming Authority, and other regulators as required by law.
  • Affiliates and Advertising Partners: Limited data shared with affiliates or advertising networks based on your consent and subject to opt-out options.
  • Legal and Professional Advisors: Where necessary for the establishment, exercise, or defense of legal claims.

No data is sold or disclosed to unrelated third parties for commercial gain. All disclosures are logged and regularly reviewed for compliance.

International Transfers

OBSERVE: Cross-border transfers require explicit user notice and legal safeguards under NZ and EU standards.
EXPAND: Specify destinations, reasons, and protection mechanisms.
REFLECT: Ensure lawful, controlled, and secure international data movement.

  1. Transfer Destinations: Your personal data may be transferred to processors and partners located in the European Union (Malta), Australia, Canada, and other jurisdictions where royal-vegas-casino-new-zealand operates or maintains partnerships.
  2. Protection Measures: All international transfers are protected by industry-standard contractual clauses, Data Processing Agreements, and, where required, additional technical safeguards such as encryption and pseudonymization.
  3. Compliance Assurances: We ensure that all recipients adhere to privacy protections equivalent to those required under NZ law and, where applicable, to GDPR standards for EU data.

Transfers are limited to the minimum necessary and subject to regular compliance audits.

Data Retention

OBSERVE: NZ and international gambling standards require defined retention periods.
EXPAND: Detail timeframes, deletion criteria, and user rights to erasure.
REFLECT: Ensure lawful, proportionate data lifecycle management.

  • Personal and Account Data: Retained for the duration of your active account and for a maximum of five (5) years after account closure or last transaction, as mandated by AML and gambling regulations.
  • KYC and AML Documentation: Retained for at least five (5) years post-relationship termination, or longer if required by law.
  • Technical and Behavioral Data: Aggregated or anonymized after 24 months unless longer retention is needed for legal or security purposes.
  • Deletion Criteria: Data is deleted or anonymized upon user request (where permitted), expiration of retention period, or when no longer required for processing purposes.

All deletions are subject to statutory retention exceptions and regulatory compliance checks.

Your Rights

OBSERVE: NZ Privacy Act 2020, GDPR alignment, and international best practices dictate detailed user rights.
EXPAND: Incorporate all access, correction, erasure, objection, restriction, portability, and consent withdrawal provisions.
REFLECT: Provide actionable procedures and response timeframes.

  1. Access: You have the right to request a copy of your personal data held by royal-vegas-casino-new-zealand at any time, free of charge.
  2. Correction: You may request correction or updating of any inaccurate or incomplete data.
  3. Deletion ("Right to be Forgotten"): You can request deletion of your personal data, except where retention is required by law (e.g., AML, regulatory obligations).
  4. Restriction of Processing: You may request limited processing where accuracy or legality is contested.
  5. Objection: You may object to processing for direct marketing or in situations affecting your rights.
  6. Data Portability: You may request export of your data in a structured, commonly used, and machine-readable format.
  7. Withdrawal of Consent: Where processing is based on consent (e.g., marketing), you may withdraw consent at any time.

Exercise of Rights: Submit requests via support@royal-vegas-nz.com or using our online contact form. We will respond within 30 days. All requests are processed free of charge unless manifestly unfounded or excessive. For unresolved concerns, you may contact the Office of the Privacy Commissioner (NZ) or, where applicable, relevant EU authorities.

Regional Compliance Note: While this policy aligns with GDPR, royal-vegas-casino-new-zealand does not process data subject to Mexican law unless explicitly notified.

Cookies & Tracking Technologies

OBSERVE: Cookie use disclosure is a mandatory transparency requirement.
EXPAND: Specify each cookie type, purpose, and user control options.
REFLECT: Ensure user empowerment in tracking preference management.

  • Session Cookies: Temporary cookies that enable navigation and basic site functionality; expire when you close your browser.
  • Persistent Cookies: Remain on your device for a set period; used for login retention, language preferences, and enhanced user experience.
  • Third-Party Cookies: Analytics (e.g., Google Analytics), advertising networks, and affiliate tracking; set by external providers.
  • Cookie Management: You may manage or disable cookies through your browser settings or our internal cookie consent panel accessible upon website entry.

Disabling cookies may impact certain site functionalities. See our Cookies Policy for full details.

Data Security

OBSERVE: NZ law and international standards (ISO 27001, SOC 2) require robust security measures.
EXPAND: Specify technical, organizational, and procedural safeguards.
REFLECT: Demonstrate commitment to protecting user data from unauthorized access and breaches.

  • Encryption: TLS 1.2+ protocols secure all data in transit; sensitive data is encrypted at rest using industry-standard algorithms.
  • Access Controls: Multi-factor authentication for staff; role-based access restrictions; logging and monitoring of access events.
  • Security Audits: Regular penetration testing and security assessments; annual compliance reviews against ISO 27001 and eCOGRA standards.
  • Staff Training: Mandatory training on data protection, secure handling, and incident response for all employees.
  • Incident Response: Documented procedures for rapid breach detection, containment, notification, and remediation.

Our commitment is evidenced by eCOGRA certification and adherence to all NZ and international security obligations.

Complaints & Contacts

OBSERVE: Users must have clear, accessible channels for lodging privacy complaints.
EXPAND: Detail complaint steps, escalation paths, and authority contacts.
REFLECT: Guarantee user rights and regulatory recourse.

  1. Contact Our DPO: Email support@royal-vegas-nz.com or call +64 9 123 4567. Alternatively, use our online form or write to Level 27, PWC Tower, 188 Quay Street, Auckland Central, Auckland 1010, New Zealand.
  2. Complaint Handling: We acknowledge all complaints within five (5) business days and provide a substantive response within thirty (30) days.
  3. Escalation: If dissatisfied with our resolution, you may escalate to the Office of the Privacy Commissioner (NZ) at privacy.org.nz or call 0800 803 909. For matters involving EU residents, contact the Maltese Data Protection Commissioner (idpc.org.mt).

Updates

OBSERVE: Policy change notification is a regulatory requirement.
EXPAND: Clarify all user notification, objection, and account closure options.
REFLECT: Ensure transparency and user control over future changes.

  • Notification Process: Material changes to this policy will be communicated via email, website banners, and account dashboard notifications, with at least 30 days' advance notice.
  • User Options: If you disagree with any update, you may object or close your account without penalty prior to the effective date of change.
  • Version Control: This policy is versioned and was last updated on 6 November 2025.
  • Change Log: All substantive changes will be summarized and archived for user reference.

We encourage you to review this policy regularly to stay informed about how your personal data is protected by royal-vegas-casino-new-zealand via royal-vegas-nz.com.