Casumo New Zealand Privacy Policy
Casumo processes personal data to fulfill legal obligations and provide services. Data protection measures adhere to applicable New Zealand and international regulatory standards.
This Privacy Policy outlines the data protection practices of Casumo Services Limited, operating as Casumo casino in New Zealand. The policy exists to inform players about how their personal information is collected, used, stored, and protected. It explains the legal basis for processing personal data in accordance with applicable privacy laws, including the Privacy Act 2020. The document details the categories of information processed for account management, transaction processing, regulatory compliance, and security purposes. This policy serves as a formal notice of transparency regarding data handling obligations. Players are advised to review this information to understand their rights and the operator's responsibilities concerning personal data.
Data Collection and Categories of Personal Information
Casumo casino collects personal data necessary for the provision of its services and to meet its legal obligations. This collection occurs during account registration, financial transactions, customer interactions, and through automated technical means. The primary categories of information processed are defined below.
Registration and identification data includes information provided directly by the player. This encompasses full name, date of birth, contact details such as address, email, and phone number. For verification purposes, copies of official documents like a driver's licence or passport may be collected. This information is fundamental for creating and managing a player account and for identity confirmation as required by law.
Transactional and financial information relates to all payment activities. This includes deposit and withdrawal records, payment method details such as account numbers or card information, and transaction history. This data is processed to facilitate financial operations and for audit purposes. Compliance and interaction data includes records of player communications, game play history, betting patterns, and any records related to responsible gambling interactions or dispute resolution.
Technical and usage data is automatically generated through interaction with the online casino platform. This includes IP address, device identifiers, browser type, operating system, log files, and cookie data. Information regarding game usage, including participation in live casino sessions, is also recorded. This data is utilized for system administration, security, and to ensure platform functionality.
Purposes of Processing and Legal Foundations
Personal data is processed for specific, explicit, and legitimate purposes. Each processing activity is conducted under a recognised lawful basis as stipulated by data protection regulations. The primary purposes and their corresponding legal justifications are outlined in this section.
The performance of a contract forms the basis for core account and transactional operations. Processing registration data to create and manage a player account, processing deposits and wagers, facilitating withdrawals, and providing customer support are necessary actions to fulfil the contractual relationship between the player and Casumo casino.
Compliance with a legal obligation is a mandatory basis for processing. This includes age and identity verification to prevent underage gambling, anti-money laundering checks, reporting obligations to regulatory authorities, and maintaining records for tax purposes. Processing for these reasons is required to operate legally within the New Zealand market and under its licensing conditions.
Legitimate interests are carefully assessed and balanced against player rights. This basis supports processing for purposes such as fraud prevention, network and information security, including monitoring login attempts, system analysis for administrative purposes, and the handling of potential legal claims. Marketing communications may be conducted under legitimate interest or consent, as applicable.
Consent may be sought for specific, additional processing not covered by the above bases. Players have the right to withdraw consent at any time. The processing of special category data is not undertaken for standard operations. All processing activities are documented and regularly reviewed to ensure ongoing compliance with the stated purposes and legal foundations.
Data Storage, Protection, and Retention Periods
Casumo casino implements technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Data is stored on secure servers with controlled access. The specific security measures and data retention rules are defined by internal policy and regulatory requirements.
Security measures include the use of encryption technologies for data transmission, such as SSL/TLS protocols. Access to personal data is restricted to authorised personnel on a need-to-know basis, governed by strict authentication procedures. Regular security assessments and penetration testing are conducted to evaluate and enhance protective measures. Systems are designed to ensure the ongoing confidentiality, integrity, and availability of player information.
Data retention periods are determined by the purpose for which the information was collected and relevant legal mandates. Personal data is not kept for longer than is necessary. A summary of standard retention timelines is provided in the following table.
| Data Category | General Retention Trigger | Typical Retention Period |
|---|---|---|
| Account and Identity Records | After account closure | 7 years (for regulatory compliance) |
| Financial Transaction Records | After transaction completion | 7 years (for financial and tax regulation) |
| Customer Support Communications | After ticket resolution | 5 years |
| Technical Log Data | After generation | Up to 2 years (for security analysis) |
Upon expiry of the retention period, data is securely deleted or anonymised so it can no longer be associated with an individual. Archived data may be retained for a longer period if subject to a legal hold or ongoing investigation. The live casino environment, like other platform areas, is subject to the same data protection and retention standards.
Player Rights and Request Procedures
Individuals have specific rights regarding their personal data under the Privacy Act 2020. Casumo casino has established procedures to facilitate the exercise of these rights. All requests are subject to a verification process to confirm the identity of the requester, protecting against unauthorised disclosures.
The right of access allows players to request confirmation of whether their personal data is being processed and to obtain a copy of that data. The right to rectification permits the correction of inaccurate or incomplete personal data. The right to erasure, or the 'right to be forgotten', allows for the deletion of personal data under certain circumstances, such as when the data is no longer necessary for the purposes collected.
Players may also have the right to restrict processing, to object to processing based on legitimate interests, and to data portability. The right to data portability allows players to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
To exercise any of these rights, a player must submit a verifiable request via the designated contact channel specified in this policy. The request should clearly state the right being exercised. Casumo casino will respond to all legitimate requests within the timeframes required by law. There is typically no charge for exercising these rights. A player also has the right to lodge a complaint with the New Zealand Privacy Commissioner if they believe their data protection rights have been infringed.