burger icon
Zodiac Casino New Zealand
Log In

Privacy Policy

This Privacy Policy sets out how zodiac-casino-new-zealand, operating through zodiac-nz.com, collects, uses, discloses, and protects your personal information. It applies to all players, website visitors, and users of our online services. This policy is effective as of 6 November 2025 and reflects our commitment to privacy in accordance with New Zealand laws and international industry standards.

Who We Are

OBSERVE: We identify the legal operator and responsible contact for data protection.
EXPAND: Requirements include clear company identification, legal authority, and accessible contact channels.
REFLECT: Information must enable users to verify operator legitimacy and reach out for privacy concerns.

  • Legal Operator: The online casino services at zodiac-nz.com are operated by Fresh Horizons Ltd., under license from the Kahnawake Gaming Commission (Client Provider Authorization, valid through 2025). The parent company is Casino Rewards Group. Due to regulatory and operational structures, the principal place of business and legal address for New Zealand operations are not specified, but all activities are governed by the regulatory framework of Kahnawake (Canada) and relevant NZ privacy laws.
  • Contact for Data Protection: For all privacy-related inquiries, including exercising your rights under this policy, contact our Data Protection Officer (DPO) at support@zodiac-nz.com or via our contact form. Our online live chat is also available for urgent privacy matters.

Regional Compliance Note: In line with NZ Privacy Act 2020, we maintain transparent operator identification and responsive contact mechanisms for all users.

What Personal Data We Collect

OBSERVE: Collection of all data categories relevant to online gambling operations.
EXPAND: Includes explicit data (registration), technical data, behavioral tracking, and cookies.
REFLECT: Ensures users are informed of the full data scope and underlying purposes.

  • Personal Data: Full name, date of birth, residential address (as required for KYC), email address, phone number, and identity documents (when required by law).
  • Technical Data: IP address, device identifiers, browser type, operating system, usage logs, and access timestamps.
  • Payment Data: Bank account details, credit/debit card numbers, transaction records, deposit/withdrawal history.
  • Behavioral Data: Betting history, gameplay records, account activity logs, clickstream data, user preferences.
  • Cookies & Tracking Technologies: Session cookies, persistent cookies, analytics and advertising cookies, and third-party tracking technologies (see "Cookies & Tracking Technologies" section).

Regional Compliance Note: Data collection practices adhere to NZ Privacy Act 2020 and Kahnawake regulatory requirements, ensuring proportionality and legitimate use only.

Legal Basis for Processing

OBSERVE: Identify and explain grounds for lawful data processing.
EXPAND: Address consent, contractual, legitimate interest, and legal obligation bases.
REFLECT: Clarify the necessity and lawfulness of each data use.

  1. User Consent: We process personal data based on your explicit consent for registration, marketing, and certain cookie uses. Consent can be withdrawn at any time.
  2. Contract Fulfillment: Data is processed as necessary to create, operate, and maintain your account, facilitate deposits/withdrawals, and deliver requested services.
  3. Legitimate Interests: We process data for fraud prevention, service improvement, and analytics, balancing these interests with your privacy rights.
  4. Legal Obligations: Processing is required to comply with KYC (Know Your Customer), AML (Anti-Money Laundering), and regulatory reporting duties under NZ law and the Kahnawake Gaming Commission license.

Regional Compliance Note: All processing bases are in line with NZ Privacy Act 2020 and international best practices for online gambling providers.

Purpose of Processing

OBSERVE: Clearly state why data is collected and used.
EXPAND: Link each purpose to regulatory, operational, or user benefit.
REFLECT: Provide transparent rationale for every processing activity.

  • Provision of Casino Services: To register your account, verify your identity, and manage your gaming experience on zodiac-nz.com.
  • Service Improvement: To monitor system performance, resolve technical issues, and enhance user experience through analytics and feedback.
  • Marketing and Communication: To send service updates, promotional offers, and important notifications (subject to your consent).
  • Fraud Prevention and Security: To detect, investigate, and prevent fraudulent or unlawful activities, protect account integrity, and comply with regulatory obligations.
  • Legal and Regulatory Compliance: To fulfil mandatory requirements under NZ law and the Kahnawake Gaming Commission license, including AML and KYC checks.

Regional Compliance Note: All processing purposes are justified under NZ law, ensuring data is not used for unrelated or unauthorized objectives.

Disclosure & Sharing

OBSERVE: Identify all parties who may receive user data and under what conditions.
EXPAND: Distinguish between operational necessity, regulatory disclosure, and consent-based sharing.
REFLECT: Provide users with clarity and protective assurances regarding third-party access.

  • Payment Partners: Data is shared with financial institutions and payment processors solely for transaction processing and security verification.
  • Service Providers: Third-party vendors (e.g., hosting, analytics, IT support) may access data under strict confidentiality and data protection agreements.
  • Regulators and Law Enforcement: Disclosure may be required to the Kahnawake Gaming Commission, NZ authorities, or law enforcement agencies to meet legal, regulatory, or anti-fraud obligations.
  • Affiliates and Advertising Networks: Data is only shared for marketing or promotional purposes with your prior consent and in accordance with applicable law.

Protective Clause: All third-party data access is subject to data processing agreements ensuring data security and privacy.

Regional Compliance Note: Data sharing complies with NZ and Kahnawake regulatory frameworks, and no data is sold to third parties.

International Transfers

OBSERVE: Address cross-border data transfer risks and safeguards.
EXPAND: Identify data flows to Canada (Kahnawake), international affiliates, or IT providers.
REFLECT: Detail protective measures for international transfers.

  • Transfer Destinations: Personal data may be transferred to Canada (Kahnawake), where operational servers and regulatory oversight reside, and to other jurisdictions where service providers or affiliates operate.
  • Protection Measures: All transfers are subject to legally binding safeguards, including standard contractual clauses, data processing agreements, and security certifications (e.g., ISO 27001).
  • User Rights: Users are notified of international transfers and may request information about protective measures in place.

Regional Compliance Note: All international data transfers are conducted in compliance with NZ Privacy Act 2020, ensuring adequate protection regardless of destination.

Data Retention

OBSERVE: Specify retention periods and deletion criteria.
EXPAND: Address different data categories and regulatory minimums.
REFLECT: Enable users to understand and control how long their data is held.

  • Account Data: Personal and transactional data is retained for a maximum of 5 years after account closure, in line with anti-money laundering requirements and industry standards.
  • Cookies and Technical Logs: Retained for up to 2 years unless deleted sooner by user action or technical necessity.
  • Deletion Criteria: Data is deleted upon user request (subject to regulatory exceptions), expiration of retention periods, or completion of processing purposes.

Regional Compliance Note: All retention practices are aligned with NZ legal obligations and the Kahnawake Gaming Commission's guidelines.

Your Rights

OBSERVE: Clarify detailed user rights and how to exercise them.
EXPAND: Align with GDPR standards and NZ Privacy Act 2020.
REFLECT: Empower users with actionable procedures and guaranteed protections.

  1. Access: You have the right to request access to your personal data held by zodiac-casino-new-zealand at zodiac-nz.com.
  2. Correction: You can request correction of inaccurate or incomplete data at any time.
  3. Deletion ("Right to be Forgotten"): You may request deletion of your data, except where retention is required by law (e.g., AML/KYC regulations for up to 5 years).
  4. Restriction of Processing: You may request limitation of data processing under certain circumstances (e.g., pending correction or objection).
  5. Objection: You can object to processing for direct marketing or on grounds relating to your particular situation.
  6. Data Portability: You can request a copy of your personal data in a commonly used, machine-readable format.
  7. Withdrawal of Consent: You may withdraw consent for marketing communications at any time, without affecting prior lawful processing.
  8. Procedure: To exercise your rights, contact our DPO at support@zodiac-nz.com or use our online form. We will respond within 30 days and will not charge a fee for processing reasonable requests.

Protective Clause: Some rights may be limited by regulatory obligations (e.g., retention for AML/KYC compliance). We will explain any such limitations at the time of your request.

Regional Compliance Note: Your rights under NZ Privacy Act 2020 are fully respected. We also align with international data protection standards (including GDPR equivalence as a best practice).

Cookies & Tracking Technologies

OBSERVE: Inform users about types and uses of cookies.
EXPAND: Address management and opt-out mechanisms.
REFLECT: Ensure transparency and user control over tracking.

  • Session Cookies: Essential for secure login, site navigation, and maintaining session state. Deleted when your session ends.
  • Persistent Cookies: Used for remembering preferences, authentication, and login details. Retained for up to 2 years unless cleared by the user.
  • Third-Party Cookies: Deployed by analytics providers (e.g., Google Analytics) and advertising partners, subject to your consent.
  • Purpose: Cookies are used for functionality, analytics, and marketing optimization only, without sharing identifiable user data unless consented.
  • Managing Cookies: You can configure your browser to refuse or delete cookies, or use our internal cookie management panel available on zodiac-nz.com. Disabling cookies may affect site functionality.

Regional Compliance Note: Cookie practices are fully compliant with NZ and international privacy standards, requiring consent for non-essential cookies.

Data Security

OBSERVE: Outline all technical and organizational security measures.
EXPAND: Detail certifications, access controls, and incident protocols.
REFLECT: Assure users of robust, ongoing data protection.

  • Encryption: All data transmissions are secured with TLS 1.2+ encryption. Sensitive data is encrypted at rest and in transit.
  • Authentication & Access Controls: Multi-factor authentication and strict role-based access controls are enforced for staff and administrators.
  • Security Audits: Regular internal and third-party audits are performed. Our systems undergo eCOGRA and ISO 27001-aligned reviews.
  • Staff Training: Ongoing staff education on data security, privacy, and incident response is mandatory.
  • Incident Response: Comprehensive protocols are in place for detecting, reporting, and managing security incidents, including user notification where required by law.

Regional Compliance Note: Security practices meet or exceed requirements under NZ Privacy Act 2020 and the Kahnawake Gaming Commission. eCOGRA certification ensures independent audit of security and fairness.

Complaints & Contacts

OBSERVE: Provide all user complaint mechanisms and authority escalation paths.
EXPAND: Detail procedures, response times, and regulatory contacts.
REFLECT: Guarantee users accessible, effective redress channels.

  • Primary Contact: For all privacy concerns, email support@zodiac-nz.com or use our online form. Live chat is also available.
  • Complaint Procedure: Submit your complaint with details of the issue and relevant evidence. You will receive an acknowledgment within 2 business days, and a substantive response within 30 days.
  • Escalation: If unsatisfied, you may escalate to the NZ Office of the Privacy Commissioner (OPC):
    Website: https://www.privacy.org.nz/
    Phone: 0800 803 909
    Email: enquiries@privacy.org.nz

Regional Compliance Note: The complaints process is designed in accordance with NZ Privacy Act requirements, guaranteeing accessible and timely resolution for all users.

Updates

OBSERVE: Outline notification and version control protocols for policy changes.
EXPAND: Address user options and advance notice requirements.
REFLECT: Ensure transparency and user autonomy in response to changes.

  • Notification Methods: We will notify users of material changes via email, website banners, and account dashboard alerts.
  • Advance Notice: Significant changes will be communicated at least 30 days in advance, allowing users to review, object, or close their accounts if they disagree.
  • Version Control: Each policy version includes a "Last updated: 6 November 2025" timestamp. A changelog summarizing material amendments is available upon request.

Regional Compliance Note: Our update procedures ensure full transparency and user protection, as required by NZ law and international standards.