burger icon
Spin Casino New Zealand
Log In

Privacy Policy

This Privacy Policy explains the necessity of handling your personal data when using spins-nz.com, operated by spin-casino-new-zealand. It applies to all players and visitors interacting with our website and casino services. Effective date: 6 November 2025.

Who We Are

OBSERVE: The operator of spins-nz.com is Baytree (Alderney) Limited, acting as spin-casino-new-zealand for New Zealand users. Our operations are governed by an eGaming licence (No. 155 C1) issued by the Alderney Gambling Control Commission, valid through 2025. Our parent company is Super Group, with related entities including Bayton Ltd. While our central legal address and headquarters are not specified here, our principal jurisdiction for New Zealand is Alderney, with additional presence in Malta and related markets.

  • Data Protection Contact: For privacy matters, contact our Data Protection Officer (DPO) via support@spins-nz.com or info@spins-nz.com. All privacy-related inquiries and requests should be directed to these addresses.
  • Legal Entity: Baytree (Alderney) Limited, operating as spin-casino-new-zealand on spins-nz.com, under Alderney licence No. 155 C1.

What Personal Data We Collect

OBSERVE: We collect personal and technical data to provide lawful and secure gambling services. EXPAND: Data categories include identity, financial, behavioural, and technical information. REFLECT: These collections are necessary for regulatory compliance, account management, and service optimization.

  • Personal Data: Full name, date of birth, address (where provided), email address, phone number, and identification documents for verification.
  • Technical Data: IP address, device type, operating system, browser information, and access logs.
  • Payment Data: Transaction history, payment method details (excluding full card numbers, which are tokenized), withdrawal and deposit records.
  • Behavioural Data: Betting history, gameplay activity, website navigation (clicks, page views), and responsible gambling interactions.
  • Cookies & Tracking Technologies: Session identifiers, persistent cookies, third-party analytics (see Cookies section for details).

Legal Basis for Processing

OBSERVE: Our processing of your data fully aligns with New Zealand privacy laws, Gambling Act 2003, and international standards including the GDPR (where applicable). EXPAND: We rely on multiple legal grounds for processing. REFLECT: The following legal bases are strictly applied to all data processing activities:

  • User Consent: For marketing communications, cookie usage, and certain analytics, we request your express consent.
  • Contract Fulfillment: Processing is necessary to establish, maintain, and operate your casino account, execute payments, and deliver requested services.
  • Legitimate Interests: Prevention of fraud, security monitoring, and service improvement are pursued where these do not override your fundamental rights.
  • Legal Obligations: Compliance with KYC/AML regulations, tax reporting, and other statutory requirements mandated by NZ and Alderney authorities.

Purpose of Processing

OBSERVE: Data is processed for specified, explicit, and legitimate purposes. EXPAND: Each processing activity supports operational, regulatory, or user benefit objectives. REFLECT: The main purposes for which your data is used include:

  • Providing Casino Services: Account registration, identity verification, processing deposits and withdrawals, facilitating gameplay, and prize fulfilment.
  • Improving and Securing Services: Monitoring system performance, detecting and preventing fraud, and ensuring platform integrity.
  • Marketing and Customer Communication: Sending promotional offers, newsletters, and service updates, strictly with your consent.
  • Analytics and Research: Aggregated data analysis to improve user experience and site functionality.
  • Compliance and Legal Reporting: Meeting regulatory obligations (KYC, AML, tax) and responding to lawful requests from regulatory bodies.

Disclosure & Sharing

OBSERVE: We may share your data only as required for lawful operations. EXPAND: All disclosures are governed by strict contracts and legal requirements. REFLECT: Your data may be disclosed to:

  • Payment Partners: Banks and payment processors to complete financial transactions, with data minimization and security measures.
  • Service Providers: IT support, cloud hosting, and analytics providers under strict confidentiality agreements.
  • Regulators and Authorities: Alderney Gambling Control Commission, NZ regulatory bodies, and law enforcement as required by law.
  • Affiliates and Advertising Networks: Only with your explicit consent for marketing or promotional activities.

We do not sell your personal data to third parties. All disclosures are subject to contractual and statutory safeguards.

International Transfers

OBSERVE: Given our international operations, data may be transferred to jurisdictions outside New Zealand. EXPAND: This includes our corporate infrastructure in Alderney, Malta, and Canada. REFLECT: We implement the following safeguards to protect your data during international transfers:

  • Standard Contractual Clauses: All service providers outside NZ and the EEA are bound by legally approved data transfer agreements ensuring adequate protection.
  • Technical and Organizational Safeguards: Encryption, access controls, and strict oversight of cross-border data flows.
  • Compliance with Local Laws: Where applicable, we adhere to Privacy Shield principles and similar frameworks, and maintain alignment with NZ Privacy Act 2020.

Data Retention

OBSERVE: Data retention is governed by legal and operational requirements. EXPAND: We regularly review retention schedules to ensure data is not held longer than necessary. REFLECT: Our retention practices are as follows:

  • Personal Data: Retained for the duration of your account and for up to 5 years after account closure, in line with AML and regulatory requirements.
  • Technical and Analytical Data: Retained for up to 2 years for security and service improvement purposes, then anonymized or securely deleted.
  • Marketing Preferences: Maintained until you withdraw consent or request deletion.
  • Deletion Triggers: Data will be deleted upon user request (where permitted by law), expiration of retention period, or when no longer necessary for processing purposes.

Your Rights

OBSERVE: As a user, you are entitled to comprehensive rights regarding your personal data, aligned with the NZ Privacy Act 2020 and, where relevant, international standards such as the GDPR. EXPAND: We ensure clear processes for the exercise of your rights and provide free-of-charge responses within legal timeframes. REFLECT: Your rights include:

  1. Right of Access: Request confirmation of whether we hold your personal data and obtain a copy of such data.
  2. Right to Rectification: Request correction of inaccurate or incomplete data.
  3. Right to Erasure ("Right to be Forgotten"): Request deletion of your data under certain circumstances, such as withdrawal of consent or end of processing purpose, subject to legal retention requirements.
  4. Right to Restrict Processing: Request restriction of data processing in specific scenarios (e.g., contesting data accuracy).
  5. Right to Object: Object to processing based on legitimate interests or direct marketing at any time.
  6. Right to Data Portability: Request transfer of your personal data in a structured, commonly used, machine-readable format.
  7. Right to Withdraw Consent: Withdraw marketing consent at any time via account settings or by contacting our DPO.

Procedures: To exercise your rights, email support@spins-nz.com. We respond within 30 days, free of charge, unless requests are manifestly unfounded or excessive. Where required, we may request additional information to verify your identity.
Regional Compliance Note: While Mexican data protection laws are referenced for international alignment, NZ law governs all local data processing.

Cookies & Tracking Technologies

OBSERVE: We use cookies to enhance your experience and support essential site operations. EXPAND: Cookies are categorized based on their purpose and origin. REFLECT: You have choices in managing cookies via browser settings and site controls.

  • Session Cookies: Temporary cookies necessary for login authentication and secure site navigation; deleted when you close your browser.
  • Persistent Cookies: Remain on your device to remember preferences and facilitate faster access on subsequent visits.
  • Third-Party Cookies: Utilized for analytics (e.g., Google Analytics), advertising, and affiliate tracking. These are only activated with your consent.
  • Cookie Management: You may disable or delete cookies through your browser settings or internal site controls. Note that disabling essential cookies may affect site functionality.

Data Security

OBSERVE: Protecting your data is a paramount obligation. EXPAND: We employ multiple layers of security to mitigate risks and comply with international standards. REFLECT: Our security measures include:

  • Encryption: All data transmitted is protected using TLS 1.2 or higher. Sensitive data at rest is encrypted with industry-standard algorithms.
  • Access Controls: Role-based access ensures only authorized personnel can handle your data.
  • Multi-Factor Authentication: Enforced for system administrators and sensitive operations.
  • Regular Security Audits: Internal and third-party audits (e.g., eCOGRA certification), penetration testing, and vulnerability assessments.
  • Staff Training: Ongoing training programs on data protection and incident response protocols.
  • Incident Response: Comprehensive procedures for prompt identification, containment, and notification of data breaches.
  • Compliance: Alignment with ISO 27001 and SOC 2 standards where applicable.

Complaints & Contacts

OBSERVE: We provide transparent and accessible channels for privacy-related complaints. EXPAND: Multiple contact methods are available for timely and effective issue resolution. REFLECT: Our complaint procedures are as follows:

  1. Contact Our DPO: Submit your inquiry or complaint via support@spins-nz.com or info@spins-nz.com. Include your contact details and a clear description of your concern.
  2. Online Feedback: While no dedicated contact form is available, email is monitored daily for privacy requests.
  3. Response Times: We will acknowledge receipt within 5 business days and aim to resolve all complaints within 30 calendar days.
  4. Escalation: If dissatisfied with our response, you may escalate to the NZ Privacy Commissioner:
    Office of the Privacy Commissioner, PO Box 10094, Wellington 6143, New Zealand, privacy.org.nz.
  5. International Complaints: For issues involving cross-border transfers, you may also contact the Alderney Gambling Control Commission or relevant EU supervisory authorities where applicable.

Updates

OBSERVE: This policy is subject to periodic updates to reflect regulatory changes and operational developments. EXPAND: We will notify users of material changes promptly and transparently. REFLECT: Our update procedures include:

  • Advance Notification: For significant changes affecting your rights or our processing practices, we will provide at least 30 days' advance notice via email, website banners, and account dashboard alerts.
  • User Options: You may object to changes or request account closure before the effective date of new terms.
  • Version Control: Each policy version is timestamped. Current version: Last updated 6 November 2025.
  • Changelog: Material changes will be summarized at the beginning of the policy or in a dedicated changelog section.