Privacy Policy

1.1 This Privacy Policy ("Policy") explains how SpinBit Casino ("we", "us", "our"), operating the website located at spin-bit-casino-nz.com ("the Site"), collects, uses, stores, discloses, and protects your personal information. SpinBit Casino acts as the data controller for all personal information processed through the Site and its associated services.

1.2 We are committed to safeguarding the privacy of every individual who visits or registers with SpinBit Casino. This Policy applies to all users of the Site, whether registered account holders or casual visitors, and covers all personal information obtained through our website, mobile platforms, customer support interactions, and any related communications.

1.3 SpinBit Casino operates in full compliance with the New Zealand Privacy Act 2020 and the thirteen Information Privacy Principles ("IPPs") set out within it. We also adhere to guidance issued by the Office of the Privacy Commissioner of New Zealand. Where our services interact with international data protection frameworks, we apply equivalent or higher standards of protection.

1.4 By accessing the Site, creating an account, or using any of our services, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree with any aspect of this Policy, you should discontinue use of the Site immediately.

1.5 This Policy should be read together with our Terms and Conditions and our Responsible Gaming page, which together form the full framework governing your relationship with SpinBit Casino.

1.6 We may update this Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any material changes will be communicated via email notification to registered users and prominently displayed on the Site. The "Last updated" date at the top of this page indicates when the most recent revision took effect. Continued use of the Site after updates constitutes acceptance of the revised Policy.

2.1 Personal Identification Data. When you register for an account or interact with our services, we collect personal details including your full legal name, date of birth, gender, residential address, email address, telephone number, and nationality. This information is necessary to create and manage your account, verify your identity, and comply with legal obligations under New Zealand law.

2.2 Financial and Transaction Data. We collect information related to your financial transactions on the Site, including deposit and withdrawal amounts, payment method details (credit/debit card numbers, e-wallet identifiers, bank account information), transaction history, and currency preferences. Card details are tokenised and processed through PCI DSS-compliant payment processors — we do not store full card numbers on our own servers.

2.3 Identity Verification Documents. As part of our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, we may request copies of government-issued photo identification (passport, driving licence), proof of address (utility bill, bank statement dated within the last three months), and proof of payment method ownership. These documents are stored securely and accessed only by authorised compliance personnel.

2.4 Technical and Usage Data. When you visit the Site, we automatically collect certain technical information including your IP address, browser type and version, operating system, device type and screen resolution, referring website URL, pages visited within the Site, time spent on each page, click patterns, and session duration. This data is collected through cookies, server logs, and similar tracking technologies.

2.5 Gaming Activity Data. We record your gaming activity on the Site, including games played, bet amounts, win/loss records, bonus usage, loyalty programme participation, and gaming session duration. This information is used for account management, regulatory reporting, responsible gaming monitoring, and service improvement.

2.6 Communication Data. We retain records of your interactions with our customer support team, including live chat transcripts, email correspondence, telephone call recordings (where you are informed at the start of the call), and any feedback or complaints submitted through the Site. This data helps us resolve issues, maintain service quality, and keep accurate records of our communications with you.

2.7 Marketing Preference Data. We collect information about your marketing preferences, including opt-in/opt-out status for promotional emails, SMS notifications, push notifications, and your responses to marketing campaigns. You can update your marketing preferences at any time through your account settings or by contacting customer support.

3.1 Information You Provide Directly. The primary way we collect your data is through information you voluntarily provide to us. This includes data entered during account registration, details submitted when making deposits or withdrawals, documents uploaded for identity verification, information shared through customer support communications, and responses to surveys or promotional questionnaires. You are responsible for ensuring that any information you provide is accurate and current.

3.2 Automated Collection Methods. We use cookies, web beacons, pixel tags, and similar technologies to collect technical and usage data automatically when you visit the Site. Our web servers record standard log files that capture your IP address, browser details, and navigation behaviour. Analytics tools process this data to help us understand how visitors interact with the Site and identify areas for improvement. For full details on our cookie practices, see Section 9 of this Policy.

3.3 Third-Party Sources. We may receive personal information about you from external sources, including payment processors (transaction confirmations, chargeback notifications), identity verification providers (document authentication results, database checks), fraud prevention services (risk scoring, watchlist screening), credit reference agencies (where required by law), and regulatory bodies or law enforcement agencies (compliance inquiries, court orders). We only accept information from third parties who confirm they have a lawful basis to share it with us.

3.4 Social Media and Public Sources. If you choose to interact with SpinBit Casino through social media platforms, we may collect publicly available profile information such as your display name, profile image, and any content you direct to us or post publicly about our services. We do not access private social media information without your explicit consent.

3.5 Affiliate and Partner Data. If you arrive at the Site through an affiliate partner or marketing campaign, we may receive referral data indicating the source of your visit, campaign identifier, and associated tracking parameters. This data is used to manage our affiliate relationships and measure marketing performance. It does not include sensitive personal information.

4.1 Account Creation and Management. We process your personal identification data to create, maintain, and administer your SpinBit Casino account. This includes verifying your identity, authenticating your login credentials, managing your account preferences, and communicating with you about account-related matters such as password resets, security alerts, and service notifications.

4.2 Identity Verification and Legal Compliance. We are legally required to verify the identity and age of all players under New Zealand's Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) and related regulations. Your personal data and verification documents are processed to fulfil these obligations, conduct KYC checks, screen against sanctions lists, and report suspicious transactions to the relevant authorities, including the Department of Internal Affairs (DIA) Financial Intelligence Unit.

4.3 Payment Processing. Your financial data is processed to facilitate deposits into and withdrawals from your account, verify payment method ownership, detect and prevent fraudulent transactions, comply with payment industry regulations (PCI DSS), and manage chargebacks or payment disputes. Transaction records are maintained as required by New Zealand financial reporting laws.

4.4 Fraud Prevention and Security. We analyse your usage data, transaction patterns, and gaming activity to detect, investigate, and prevent fraud, money laundering, bonus abuse, collusion, and other prohibited activities. This may involve automated decision-making and profiling systems that flag unusual account behaviour for manual review by our security team.

4.5 Marketing and Promotional Communications. With your explicit consent, we process your contact information and marketing preferences to send you promotional offers, bonus notifications, newsletters, and personalised gaming recommendations. You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email, updating your account preferences, or contacting customer support. Withdrawal of consent does not affect the lawfulness of any processing carried out before that withdrawal.

4.6 Responsible Gaming Monitoring. We monitor your gaming activity data — including session duration, deposit frequency, bet sizes, and loss patterns — to identify signs of problem gambling behaviour. This monitoring supports our responsible gaming commitments and may result in proactive interventions such as reality checks, cooling-off period suggestions, or referrals to support organisations. More information is available on our Responsible Gaming page.

4.7 Service Improvement and Analytics. We use aggregated and anonymised usage data to analyse Site performance, understand player preferences, improve our game selection, optimise the user experience, and develop new features. Where possible, this analysis uses data that has been stripped of personal identifiers so that individual users cannot be identified.

5.1 New Zealand Privacy Act 2020. All processing of personal information by SpinBit Casino is governed by the New Zealand Privacy Act 2020, which establishes thirteen Information Privacy Principles (IPPs). These principles set out the standards for how agencies collect, hold, use, and disclose personal information. We are registered as an agency under the Act and are subject to oversight by the Office of the Privacy Commissioner.

5.2 Lawful Purpose (IPP 1). We only collect personal information for a lawful purpose connected with our function or activity as an online casino operator. Each category of data we collect serves a specific, documented purpose as outlined in Section 4 of this Policy. We do not collect personal information by unlawful means or in ways that are unfair or unreasonably intrusive.

5.3 Collection Directly from You (IPP 2 & 3). Wherever reasonably practicable, we collect personal information directly from you rather than from third-party sources. When we collect your information, we inform you of the fact and purpose of collection, the intended recipients of the information, your rights of access and correction, and whether the supply of information is voluntary or mandatory. Where we collect information from third parties (as described in Section 3.3), we do so only where it is not reasonably practicable to collect it directly, or where you have authorised the collection.

5.4 Collection Not Excessive (IPP 4). We do not collect more personal information than is reasonably necessary for the purposes stated in this Policy. We regularly review our data collection practices to ensure they remain proportionate and relevant. Any data that is no longer needed for its original purpose is securely deleted or anonymised in accordance with our data retention schedule (see Section 7).

5.5 Consent. For activities that are not covered by our legal obligations or the performance of our contract with you — such as sending marketing communications or using non-essential cookies — we rely on your explicit, informed consent. Consent is obtained through clear, affirmative actions (ticking a box, clicking a button) and is never assumed. You are free to withdraw consent at any time without any negative consequences to your account or access to services.

5.6 Regulatory and Legal Obligations. Certain processing activities are mandated by New Zealand law, including identity verification under the AML/CFT Act 2009, record-keeping requirements under the Tax Administration Act 1994, reporting obligations to the Department of Internal Affairs, and compliance with court orders or lawful requests from law enforcement agencies. In these cases, we are legally required to process your data regardless of consent, though we will always limit such processing to what is strictly necessary to meet the obligation.

6.1 Payment Service Providers. We share your financial and transaction data with third-party payment processors, banks, and e-wallet providers to facilitate deposits and withdrawals. These providers operate under their own privacy policies and are contractually bound to process your data only for the purposes of completing the requested transactions. We work exclusively with payment partners who meet PCI DSS compliance standards.

6.2 Identity Verification and Fraud Prevention Partners. We share personal identification data and verification documents with specialised third-party providers who assist us in conducting KYC checks, age verification, document authentication, sanctions screening, and fraud risk assessment. These partners process your data solely on our instructions and are bound by strict confidentiality agreements and data processing contracts.

6.3 Regulatory Authorities and Law Enforcement. We may disclose your personal information to the New Zealand Department of Internal Affairs (DIA), the New Zealand Police, the Inland Revenue Department (IRD), or other governmental bodies when required by law, court order, or regulatory investigation. We may also report suspicious activity to the Financial Intelligence Unit of the DIA under our AML/CFT obligations. We do not volunteer personal data to authorities beyond what is legally required.

6.4 Game Providers and Software Suppliers. Certain technical and usage data may be shared with third-party game providers whose software powers the games available on our Site. This data is limited to what is necessary for game delivery, fair play verification, and technical troubleshooting. Game providers do not receive your full personal details unless required for jackpot payments or regulatory compliance.

6.5 Professional Advisors. We may share personal data with our legal advisors, auditors, and accountants where necessary for the establishment, exercise, or defence of legal claims, the conduct of regulatory audits, or the fulfilment of our financial reporting obligations. Such disclosures are made under professional privilege and confidentiality obligations.

6.6 No Sale of Personal Data. SpinBit Casino does not sell, rent, lease, or trade your personal information to any third party for their own marketing or commercial purposes. We will never monetise your data by making it available to data brokers, advertisers, or any unrelated businesses. This is a firm commitment that we take seriously.

6.7 Corporate Transactions. In the event of a merger, acquisition, reorganisation, or sale of assets involving SpinBit Casino, your personal information may be transferred to the successor entity as part of the transaction. In such circumstances, we will notify you before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to request deletion of your data before any such transfer.

7.1 Retention During Active Use. We retain your personal information for as long as your SpinBit Casino account remains active and you continue to use our services. During this period, all data categories described in Section 2 are maintained to support account functionality, regulatory compliance, and service delivery. You can request a summary of the data we hold about you at any time (see Section 8).

7.2 Post-Closure Retention. After you close your account or we close it on your behalf, we retain certain categories of personal data for a minimum period of seven (7) years from the date of account closure. This retention period is mandated by the Anti-Money Laundering and Countering Financing of Terrorism Act 2009, the Tax Administration Act 1994, and other applicable New Zealand legislation. The retained data includes identity verification records, transaction history, and communications related to compliance matters.

7.3 Extended Retention Where Required. In specific circumstances, we may retain data beyond the standard seven-year period. These circumstances include ongoing legal proceedings or disputes involving your account, unresolved complaints or regulatory investigations, court orders or law enforcement requests requiring preservation of records, and outstanding financial obligations. We will notify you if an extended retention period applies to your data, unless we are legally prohibited from doing so.

7.4 Anonymisation and Aggregation. Where retention of identifiable data is no longer necessary, we may anonymise your personal information so that it can no longer be linked to you. Anonymised data is not considered personal information under the Privacy Act 2020 and may be retained indefinitely for statistical analysis, business planning, and service improvement purposes.

7.5 Deletion Requests. You have the right to request deletion of your personal data, subject to our legal retention obligations. Where no legal requirement for retention exists, we will securely delete or anonymise your data within thirty (30) days of receiving a valid deletion request. Where retention is legally required, we will inform you of the applicable retention period and the legal basis for it. Deletion requests should be sent to [email protected].

7.6 Secure Destruction. When personal data reaches the end of its retention period, it is destroyed using secure methods appropriate to the storage medium. Electronic records are permanently erased using industry-standard data-wiping protocols. Physical documents (where any exist) are cross-shredded and disposed of through certified destruction services. We maintain logs of data destruction activities for audit purposes.

8.1 Right of Access (IPP 6). You have the right to request confirmation of whether SpinBit Casino holds personal information about you and, if so, to obtain a copy of that information. Access requests can be submitted to [email protected] and will be responded to within twenty (20) working days, as required by the Privacy Act 2020. We will provide the information in a commonly used electronic format. There is no fee for standard access requests, though we may charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive.

8.2 Right of Correction (IPP 7). If you believe that any personal information we hold about you is inaccurate, incomplete, misleading, or out of date, you have the right to request its correction. You can update most personal details directly through your account settings. For corrections that cannot be made through the account interface — such as changes to your legal name or date of birth — contact our support team with appropriate supporting documentation. We will process correction requests within twenty (20) working days. If we decline a correction request, we will attach a statement of the correction you requested to the relevant record.

8.3 Right to Request Deletion. While the Privacy Act 2020 does not provide an absolute right to deletion, you may request that we delete personal information that is no longer necessary for the purpose for which it was collected. We will honour deletion requests where no legal retention obligation prevents us from doing so (see Section 7). Where deletion is not possible, we will explain the reasons and the applicable retention period.

8.4 Right to Withdraw Consent. Where our processing is based on your consent (such as marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent is free and can be exercised by clicking the unsubscribe link in marketing emails, adjusting your notification settings in your account dashboard, contacting customer support, or emailing [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal and does not affect processing based on other legal grounds.

8.5 Right to Complain to the Privacy Commissioner. If you are not satisfied with how SpinBit Casino has handled your personal information or responded to a privacy-related request, you have the right to lodge a complaint with the New Zealand Privacy Commissioner. We encourage you to contact us first at [email protected] so we can attempt to resolve the matter directly. If you are not satisfied with our response, you can file a complaint through the Office of the Privacy Commissioner at privacy.org.nz.

8.6 Right to Object to Automated Decision-Making. Where we use automated processing, including profiling, to make decisions that significantly affect you (such as fraud risk assessments or responsible gaming interventions), you have the right to request human review of those decisions. Contact our Data Protection Officer at [email protected] to request a manual review. We will respond within twenty (20) working days with the outcome of the review and an explanation of any decision made.

8.7 Exercising Your Rights. To exercise any of the rights described above, email our Data Protection Officer at [email protected] with a clear description of your request. For security purposes, we will verify your identity before processing any request. Verification may require you to provide your registered email address, account number, and a copy of government-issued photo identification. We will not fulfil requests from individuals who cannot verify their identity, to prevent unauthorised access to personal data.

9.1 What Are Cookies. Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They allow the website to recognise your device and remember certain information about your visit, such as your preferences, login status, and browsing behaviour. SpinBit Casino uses cookies and similar technologies (web beacons, pixel tags, local storage) to operate the Site, maintain security, and improve your experience.

9.2 Essential Cookies. These cookies are strictly necessary for the Site to function and cannot be disabled without impairing core features. Essential cookies enable secure login and session management, remember your language and currency preferences, maintain your shopping basket or game session state, protect against cross-site request forgery (CSRF) attacks, and support load balancing across our servers. Because these cookies are required for the Site to operate, they do not require your consent under New Zealand law.

9.3 Analytics Cookies. We use analytics cookies to collect anonymised data about how visitors interact with the Site. This includes pages visited, time spent on each page, navigation paths, error encounters, and device information. We use this data to understand usage patterns, identify technical issues, and improve Site performance. Analytics cookies are set only with your consent and do not collect personally identifiable information. Our primary analytics provider processes data in accordance with its own privacy policies and applicable data protection laws.

9.4 Marketing and Advertising Cookies. With your consent, we may place marketing cookies to track the effectiveness of our advertising campaigns, deliver relevant promotional content, limit the number of times you see a particular advertisement, and measure conversions from marketing activities. These cookies may be set by our advertising partners and may track your browsing activity across other websites. You can opt out of marketing cookies at any time through our cookie consent manager or your browser settings.

9.5 Managing and Disabling Cookies. You can manage your cookie preferences at any time by adjusting the settings in our cookie consent banner (displayed on your first visit and accessible via the cookie settings link in the footer), configuring your browser to block or delete specific types of cookies, or using browser extensions or privacy tools that block tracking technologies. Please note that disabling essential cookies may prevent you from logging in, making deposits, or using other core features of the Site. Disabling analytics or marketing cookies will not affect your ability to use the Site.

9.6 Cookie Retention Periods. Essential cookies are session-based and are deleted when you close your browser, except for authentication cookies that persist for up to thirty (30) days to support the "remember me" login feature. Analytics cookies are retained for up to twenty-four (24) months. Marketing cookies are retained for up to twelve (12) months. You can clear all cookies at any time through your browser settings.

10.1 Encryption. All data transmitted between your device and the SpinBit Casino servers is protected by Transport Layer Security (TLS) 1.3 encryption, the same standard used by major banks and financial institutions. This ensures that your personal information, login credentials, and financial data cannot be intercepted or read by unauthorised third parties during transmission. The Site operates exclusively over HTTPS, and we employ HTTP Strict Transport Security (HSTS) to prevent protocol downgrade attacks.

10.2 Access Controls. Access to personal data within SpinBit Casino is restricted to authorised personnel who require it to perform their job functions. We implement role-based access controls (RBAC), multi-factor authentication for staff access to sensitive systems, unique user credentials for each employee, and automatic session timeouts for administrative interfaces. All access to personal data is logged and subject to regular audit review.

10.3 Payment Security. Financial transactions on the Site are processed through payment partners who are certified under the Payment Card Industry Data Security Standard (PCI DSS) Level 1, the highest level of certification. We do not store full credit or debit card numbers on our servers. Card data is tokenised at the point of entry, meaning only a non-reversible token is stored in our systems. This approach significantly reduces the risk of card data exposure in the event of a security incident.

10.4 Regular Security Assessments. SpinBit Casino conducts regular security assessments, including vulnerability scanning, penetration testing by independent security firms, code reviews of software updates, and internal security audits. Findings from these assessments are tracked and remediated according to risk severity, with critical vulnerabilities addressed within 24 hours of discovery.

10.5 Data Breach Notification. In the event of a data breach that poses a risk of serious harm to affected individuals, SpinBit Casino will notify the Office of the Privacy Commissioner of New Zealand as soon as practicable, as required by Part 6A of the Privacy Act 2020. We will also notify affected individuals without unreasonable delay, providing details of the breach, the types of information involved, the steps we are taking to address it, and recommended actions they can take to protect themselves. We maintain a documented breach response plan that is tested and updated annually.

10.6 Your Security Responsibilities. While we implement strong security measures to protect your data, you also play a role in maintaining account security. We recommend that you use a strong, unique password for your SpinBit Casino account, enable two-factor authentication (2FA) where available, never share your login credentials with anyone, log out of your account when using shared or public devices, keep your device's operating system and browser updated, and be vigilant against phishing emails or messages that impersonate SpinBit Casino. If you suspect any unauthorised access to your account, contact us immediately.

11.1 Primary Data Storage. SpinBit Casino primarily stores and processes your personal information on servers located in New Zealand and Australia. These jurisdictions have been selected for their strong data protection frameworks and geographic proximity to our primary user base. Data stored in New Zealand is subject to the Privacy Act 2020, while data stored in Australia is subject to the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

11.2 When International Transfers Occur. In certain circumstances, your personal information may be transferred to countries outside of New Zealand and Australia. International transfers may occur when our payment processors operate servers or data centres in other jurisdictions, identity verification providers conduct checks against international databases, game providers process gaming data through servers located outside the region, or law enforcement or regulatory authorities in other countries make lawful requests for data. We take steps to ensure that any such transfers are limited to what is strictly necessary for the stated purpose.

11.3 Safeguards for International Transfers. Under IPP 12 of the Privacy Act 2020, we must take reasonable steps to ensure that personal information disclosed to a foreign person or entity is subject to comparable privacy protections. Before transferring your data internationally, we assess the data protection laws of the receiving country, enter into contractual clauses that require the recipient to protect the data to a standard comparable to the Privacy Act 2020, implement technical safeguards such as encryption in transit and at rest, and conduct due diligence on the recipient's security practices. If we cannot ensure adequate protection in the receiving jurisdiction, we will not transfer your data.

11.4 Your Awareness. By using our services, you acknowledge that some processing of your personal information may occur outside of New Zealand. We will always inform you in advance if we intend to transfer your data to a jurisdiction that does not offer an adequate level of data protection, and in such cases, we will obtain your explicit consent before proceeding. You can contact our Data Protection Officer at [email protected] for information about the specific countries to which your data may be transferred and the safeguards in place.

12.1 Data Protection Officer. SpinBit Casino has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy, ensuring compliance with the Privacy Act 2020, responding to data subject requests, and acting as the primary point of contact for privacy-related inquiries. You can reach our DPO at [email protected]. The DPO operates independently within the organisation and reports directly to senior management on all data protection matters.

12.2 How to Contact Us. For any questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, you can contact us through the following channels: email our Data Protection Officer at [email protected], use the live chat feature on the Site (available 24/7), or write to us through the contact form on the Site. We aim to acknowledge all privacy-related inquiries within two (2) business days and provide a substantive response within twenty (20) working days, as required by the Privacy Act 2020.

12.3 Internal Complaints Process. If you believe that SpinBit Casino has breached your privacy or failed to comply with its obligations under this Policy, you may submit a formal complaint to our Data Protection Officer. Complaints should include a clear description of the issue, the dates and circumstances involved, any relevant correspondence or reference numbers, and the outcome you are seeking. We will investigate all complaints thoroughly, keep you informed of the progress, and provide a written response outlining our findings and any corrective actions taken. Our goal is to resolve all complaints within thirty (30) calendar days of receipt.

12.4 Escalation to the Privacy Commissioner. If you are not satisfied with our response to your complaint, or if you prefer to raise a concern directly with the regulator, you can contact the Office of the Privacy Commissioner of New Zealand. The Privacy Commissioner provides a free complaints and inquiry service and can investigate alleged breaches of the Privacy Act 2020. You can reach the Privacy Commissioner at privacy.org.nz or by calling 0800 803 909 (free within New Zealand). Filing a complaint with the Commissioner does not prevent you from also pursuing other legal remedies that may be available to you.

12.5 Policy Review and Updates. This Privacy Policy is reviewed at least once every twelve (12) months to ensure it remains accurate, complete, and aligned with current legislation, regulatory guidance, and our operational practices. Material changes will be communicated to registered users via email at least fourteen (14) days before they take effect, and the updated Policy will be published on this page with a revised "Last updated" date. We encourage you to review this Policy periodically. If you have suggestions for how we can improve our privacy practices, we welcome your feedback at [email protected].