Privacy Policy

This privacy policy explains how casumo-casino-new-zealand, operating exclusively through casumo-nz.com, collects, uses, and protects your personal information. It applies to all players and visitors accessing our services in New Zealand. The policy is effective as of 6 November 2025 and is designed to ensure transparency and compliance with New Zealand's Privacy Act 2020 and all applicable gambling industry standards.

Who We Are

OBSERVE: The operator of casumo-nz.com is Casumo Services Limited, a registered company within the European Union, holding valid international gaming licenses and certifications. EXPAND: Under NZ law, full operator identification and data protection contact points must be provided for effective regulatory oversight and user trust. REFLECT: All necessary corporate and contact information is detailed below to ensure full transparency and facilitate the exercise of your data rights.

• Legal Name: Casumo Services Limited
• Registered Address: The Unicorn Centre, Triq il-Uqija, Swieqi, SWQ 2335, Malta
• Company Registration Number: C 55663
• Licensing and Certification:
  • MGA/CRP/217/2012 (Malta Gaming Authority, valid through 2025)
  • UKGC 39265 & 61549 (UK Gambling Commission, valid through 2025)
  • eCOGRA ADR & RNG certification (valid through 2025)
• Data Protection Contact: Data Protection Officer (DPO), Casumo Services Limited
• Email: hey@casumo-nz.com
• Live Chat: https://casumo-nz.com
• Website: https://casumo-nz.com

What Personal Data We Collect

OBSERVE: Collection of personal and technical data is essential for lawful online casino operation and regulatory compliance. EXPAND: NZ law requires explicit disclosure of all data categories, including behavioral data arising from gambling activity. REFLECT: The following data types are processed when you access or use casumo-nz.com:

• Personal Identification Data: Name, date of birth, physical address, email address, phone number.
• Account Data: Username, account credentials, account history, KYC documentation.
• Technical Data: IP address, device type, browser information, operating system, log files.
• Payment Data: Credit/debit card details, bank account information, transaction records.
• Behavioral Data: Betting and wagering history, session information, user navigation patterns, clicks, play frequency.
• Cookies & Tracking Technologies: Session cookies, persistent cookies, third-party cookies (analytics, advertising).

Legal Basis for Processing

OBSERVE: NZ's Privacy Act 2020, along with international standards, requires clear legal grounds for each processing activity. EXPAND: Processing must be justified by user consent, contractual necessity, regulatory compliance, or legitimate interest. REFLECT: casumo-casino-new-zealand processes data on casumo-nz.com for the following legal bases:

1. User Consent: Provided during account registration, acceptance of marketing, or cookie preferences.
2. Contractual Necessity: Processing necessary to operate your casino account, deliver gaming services, and facilitate payments or withdrawals.
3. Legal Obligations: Compliance with KYC (Know Your Customer), AML (Anti-Money Laundering), and responsible gambling regulations as required by NZ law and international licenses.
4. Legitimate Interests: Detection and prevention of fraud, ensuring platform security, conducting analytics to improve services, and maintaining regulatory audit trails.

Protective Clause: Where processing is based on consent, you may withdraw your consent at any time via the account dashboard or by contacting the DPO.

Purpose of Processing

OBSERVE: NZ's privacy regime mandates a transparent statement of all processing purposes, especially in the gambling sector. EXPAND: Users must understand not only primary service delivery but also secondary uses such as analytics and marketing. REFLECT: Personal and technical data collected through casumo-nz.com is processed for the following purposes:

• Service Provision: To create and manage your casino account and provide access to gaming services.
• Transaction Processing: To facilitate deposits, withdrawals, and manage payment disputes.
• Compliance: To comply with legal and regulatory obligations, including age verification and anti-fraud controls.
• Service Improvement: To monitor, analyze, and enhance website functionality, user experience, and security.
• Marketing: To send promotional materials, account updates, and targeted offers-only with your explicit consent.
• Analytics: To aggregate data for statistical analysis, market research, and product development.
• Fraud Prevention: To detect suspicious behavior and prevent unauthorized access or misuse of casino services.

Disclosure & Sharing

OBSERVE: Under NZ law and international gambling regulations, disclosure of personal data to third parties must be limited and clearly justified. EXPAND: Data sharing is restricted to service providers and authorities with legitimate need or user consent. REFLECT: casumo-casino-new-zealand may share data collected via casumo-nz.com in the following circumstances:

• Payment Partners: For processing deposits, withdrawals, and payment verification.
• Regulatory Authorities: Upon lawful request or as required for compliance with NZ and international gambling regulations.
• Service Providers: IT, analytics, customer support, and security services under strict confidentiality agreements.
• Affiliates: For joint promotions or player referrals, subject to your consent and privacy preferences.
• Advertising Networks: With explicit consent, for marketing campaigns and personalized offers.
• Legal Compliance: To law enforcement or courts where disclosure is legally required.

Protective Clause: All third-party recipients must adhere to robust data protection standards equivalent to those mandated in New Zealand and the EU.

International Transfers

OBSERVE: Data processed on casumo-nz.com may be transferred to or accessed from jurisdictions outside New Zealand, including Malta, Gibraltar, Croatia, North Macedonia, and the United Kingdom. EXPAND: NZ's Privacy Act requires that overseas transfers safeguard personal information to standards comparable to NZ law. REFLECT: All such transfers are secured by:

• Standard Contractual Clauses: Binding contractual safeguards in line with EU and NZ privacy requirements.
• Certification Mechanisms: eCOGRA certifications and adherence to ISO 27001 standards where applicable.
• Data Minimization: Only the minimum necessary data is transferred for the intended processing purpose.
• Continuous Oversight: Regular reviews and audits of international data handling processes.

Regional Compliance Note: By using casumo-nz.com, you consent to necessary international data transfers under these protective measures.

Data Retention

OBSERVE: NZ legal requirements dictate maximum retention periods and clear deletion criteria for all personal data. EXPAND: Gambling operators must retain certain records for regulatory and anti-fraud purposes, but not indefinitely. REFLECT: casumo-casino-new-zealand applies the following retention policies:

• Account Data: Retained for the duration of your active account and for up to 5 years after closure, in line with regulatory requirements for anti-money laundering and audit purposes.
• Payment and Transaction Data: Retained for up to 7 years to comply with financial and taxation regulations.
• Marketing Data: Retained until consent is withdrawn or a maximum of 2 years after last activity.
• Behavioral and Technical Data: Retained for analytics and security purposes for up to 2 years.

Deletion Criteria: Data is deleted upon user request, expiration of retention period, or when no longer required for the original processing purpose, subject to legal and regulatory exceptions.

Your Rights

OBSERVE: NZ's Privacy Act 2020 aligns closely with GDPR, granting users comprehensive rights to access, correct, and control their personal information. EXPAND: Although Mexican privacy law is not directly applicable, international best practices are respected for global compliance. REFLECT: As a user of casumo-nz.com, you have the following rights:

1. Access: Request a copy of the personal data held about you.
2. Correction: Request correction of inaccurate or incomplete information.
3. Erasure: Request deletion of your data (the "right to be forgotten"), except where retention is required by law.
4. Restriction: Request to restrict processing of your data under certain circumstances.
5. Objection: Object to processing for direct marketing or on grounds relating to your particular situation.
6. Data Portability: Request to receive your personal data in a structured, machine-readable format and transfer it to another provider.
7. Withdraw Consent: Withdraw consent for marketing or other optional processing at any time.

• How to Exercise: Contact the DPO at hey@casumo-nz.com or use the live chat feature on casumo-nz.com. You may also submit requests via our online feedback forms.
• Response Times: All requests will be acknowledged within 5 business days and completed within 30 days, free of charge, unless manifestly unfounded or excessive.
• Complaints: If you believe your rights have been breached, you may escalate your complaint to the NZ Privacy Commissioner (privacy.org.nz), or EU authorities if you are based in the EU.

Protective Clause: Your rights are guaranteed in accordance with the NZ Privacy Act 2020 and, where applicable, GDPR standards.

Cookies & Tracking Technologies

OBSERVE: The use of cookies and similar tracking technologies on casumo-nz.com must be disclosed and user control facilitated. EXPAND: NZ and EU standards require clear cookie categorization and opt-out mechanisms. REFLECT: Our website uses the following:

• Session Cookies: Temporary, necessary for secure account log-in and gameplay; deleted when your session ends.
• Persistent Cookies: Remain on your device for up to 12 months to remember preferences and improve navigation.
• Third-Party Cookies: Used by analytics providers (e.g., Google Analytics) and advertising partners (with your consent) for performance monitoring and targeted marketing.

• Cookie Management: You can manage or disable cookies via your browser settings or through the cookie management panel accessible on casumo-nz.com.
• Opt-out: Disabling certain cookies may affect website functionality or your user experience.

Further information is available in our Cookie Policy.

Data Security

OBSERVE: Protecting personal information is a regulatory imperative under NZ law and a core industry standard, especially for gambling operators. EXPAND: Security controls must address both technical and organizational risks, including cyber threats and unauthorized access. REFLECT: casumo-casino-new-zealand implements a comprehensive suite of security measures across casumo-nz.com:

• TLS 1.2+ Encryption: All data transmitted between your device and our servers is encrypted using industry-standard protocols.
• Encryption at Rest: Sensitive data is encrypted when stored within our infrastructure.
• Multi-Factor Authentication: Required for staff access to critical systems and for certain user actions.
• Role-Based Access Controls: Only authorized personnel can access your information, strictly on a need-to-know basis.
• Regular Security Audits: Periodic internal and third-party audits, including eCOGRA and ISO 27001 compliance reviews.
• Staff Training: Ongoing security training for all employees to ensure awareness of data protection obligations.
• Incident Response: Documented procedures for rapid detection, investigation, and notification of data breaches.

Compliance Note: Our policies and procedures are reviewed annually and whenever significant regulatory changes occur, ensuring ongoing compliance with ISO 27001 and SOC 2 standards where applicable.

Complaints & Contacts

OBSERVE: NZ privacy law and gambling regulations require clear, accessible complaint channels and escalation paths. EXPAND: Users must be able to contact the DPO, submit complaints, and escalate unresolved issues to supervisory authorities. REFLECT: If you have questions or complaints about your data privacy on casumo-nz.com, please use the following channels:

• Data Protection Officer (DPO): Email hey@casumo-nz.com
• Live Chat: https://casumo-nz.com (24/7 support)
• Online Feedback Form: Accessible via the support section of casumo-nz.com

1. Initial Complaint: Submit your concern to our DPO or via live chat. We will acknowledge receipt within 5 business days.
2. Investigation: We will investigate and provide a substantive response within 30 days.
3. Escalation: If you are dissatisfied with our response, you may escalate your complaint to the Office of the Privacy Commissioner (NZ) via privacy.org.nz or by phone (+64 4 474 7590).
4. EU Users: You may contact your local EU supervisory authority if you are resident in the European Union.

All complaints are handled free of charge and in accordance with NZ and EU privacy regulations.

Updates

OBSERVE: Legal requirements mandate notification of material changes to privacy policies. EXPAND: Users must be able to review changes and object or withdraw consent where significant updates occur. REFLECT: casumo-casino-new-zealand will notify you of privacy policy updates in the following ways:

• Email Notification: Registered users will receive advance notice by email at least 30 days before any material change takes effect.
• Website Banners: Prominent banners will be displayed on casumo-nz.com upon login and in the account dashboard.
• Changelog: Material changes are summarized in a changelog at the end of this policy.
• User Options: If you do not agree to material changes, you may close your account or contact the DPO to object.

Version Control: Last updated: 6 November 2025.

• Changelog: Updated data retention periods, clarified international transfer mechanisms, and enhanced user rights section for NZ compliance.

For further details or historic versions, please contact hey@casumo-nz.com.