burger icon
Casino Review
Log In

Privacy Policy

This privacy policy explains how and why 888-casino-new-zealand, operating exclusively via 888-nz.com, collects, processes, and protects your personal information. It applies to all players and visitors using our online gambling services or interacting with our website. The effective date of this policy is 6 November 2025.

Who We Are

OBSERVE: The operator of 888-casino-new-zealand is part of 888 Holdings plc, with operations and regulatory oversight in multiple jurisdictions. EXPAND: Legal and compliance contacts are provided for all privacy-related matters. REFLECT: Full identification and transparency are ensured for the responsible handling of your data.

  • Legal Entity & Headquarters: 888-casino-new-zealand is provided by Virtual Digital Services Limited (subsidiary of 888 Holdings plc), headquartered at 601-701 Europort, Gibraltar, GX11 1AA.
  • NZ Service Context: All services for NZ players are offered exclusively via 888-nz.com.
  • Registration & Licensing:
    • Malta Gaming Authority License: MGA/CRP/543/2018 (Valid until 2025)
    • UK Gambling Commission License: 39028 (Valid until 2025)
    • Legal entity type: Public Limited Company (plc)
  • Data Protection Contact (DPO):

What Personal Data We Collect

OBSERVE: We identify all categories of user data processed. EXPAND: We ensure clarity on technical, behavioral, and regulatory-mandated data. REFLECT: Transparency for user awareness and regulatory compliance.

  • Personal Information: Full name, date of birth, address, nationality, email, phone number, identification documents (for KYC).
  • Account & Transaction Data: Username, password (encrypted), gaming activity, deposit and withdrawal records, betting history.
  • Technical Data: IP address, device identifiers, browser type, operating system, access logs, usage times.
  • Payment Information: Credit/debit card details, bank account data, e-wallet information, payment transaction references.
  • Behavioral Data: Clickstream data, navigation paths, in-game decisions, promotional interactions.
  • Cookies & Tracking: Session and persistent cookies, third-party analytics, advertising beacons, device fingerprinting.

Legal Basis for Processing

OBSERVE: All processing activities must be legally grounded under NZ, EU, and relevant international laws. EXPAND: Multiple lawful bases may apply to the same data depending on its use. REFLECT: User rights and interests are balanced against operational necessity and legal requirements.

  1. User Consent: Obtained for direct marketing, analytics, and certain cookies. Users may withdraw consent at any time via account settings or by contacting our DPO.
  2. Contractual Necessity: Processing required to register and maintain your account, facilitate deposits, issue payouts, and provide gaming services.
  3. Legal Obligations: Compliance with anti-money laundering (AML), Know Your Customer (KYC), taxation, and regulatory reporting requirements under NZ and international law.
  4. Legitimate Interests: Prevention of fraud and abuse, risk management, system security, service improvement, and analytics, always weighed against your fundamental rights.

Regional Compliance Note: All data processing is performed in accordance with New Zealand's Privacy Act 2020, the EU GDPR (where applicable), and relevant international standards.

Purpose of Processing

OBSERVE: Purposes must be explicit, legitimate, and proportionate. EXPAND: Purposes align with the lawful bases above. REFLECT: All processing is necessary and limited to the stated objectives.

  • Service Provision: Opening and managing player accounts, processing payments, enabling participation in online gaming, and communicating essential service information.
  • Service Enhancement: Analyzing user activity and feedback to improve platform functionality, user experience, and support.
  • Marketing & Promotions: Sending promotional offers, newsletters, and bonus information, subject to your consent.
  • Analytics: Monitoring website usage and gaming patterns for statistical, research, and business development purposes.
  • Fraud Prevention & Security: Detecting and preventing fraud, abuse, and prohibited activities to ensure the integrity of our services.
  • Regulatory Compliance: Fulfilling obligations to regulators (e.g., AML, KYC, tax reporting), and responding to lawful requests from authorities.

Disclosure & Sharing

OBSERVE: Data sharing is limited and always justified. EXPAND: Only trusted third parties and legal authorities have access, and only where necessary. REFLECT: Robust contractual and technical safeguards are enforced.

  • Payment Partners: Banks, credit card processors, and e-wallet providers for transaction validation and execution.
  • Service Providers: IT, software, cloud storage, marketing, analytics, and customer support vendors operating under strict confidentiality agreements.
  • Regulatory Authorities: Malta Gaming Authority, UK Gambling Commission, and New Zealand authorities for compliance and audit purposes.
  • Affiliates & Advertising Networks: With user consent, for targeted marketing and affiliate program administration.
  • Dispute Resolution Bodies: eCOGRA (ADR provider) for formal complaints or disputes.
  • Legal Obligations: Law enforcement agencies, courts, taxation authorities, and other legal bodies as required by law.

Protective Clauses: All third parties are contractually obliged to comply with applicable data protection laws and to process information solely for specified purposes.

International Transfers

OBSERVE: Data may be transferred internationally due to the global structure of 888 Holdings plc and its suppliers. EXPAND: Transfers are subject to strict legal and technical safeguards. REFLECT: User rights are always protected, irrespective of transfer destination.

  1. Regions Involved: Data may be transferred to and processed in Gibraltar (headquarters), Malta, UK, EU countries, and other jurisdictions where critical service providers are located.
  2. Safeguards: Standard Contractual Clauses (SCCs), binding corporate rules, and technical measures (encryption, access controls) are in place to ensure adequate data protection.
  3. Compliance: All transfers are compliant with New Zealand's Privacy Act 2020, EU GDPR, and other applicable legal frameworks.

Regional Compliance Note: Where local law requires, users will be notified of cross-border transfers and may exercise their rights regarding such transfers.

Data Retention

OBSERVE: Data is retained for only as long as necessary. EXPAND: Retention periods are justified by legal, operational, and security requirements. REFLECT: Data is deleted or anonymized when no longer required.

  • Personal Data: Retained for the duration of your account and up to five (5) years after account closure, as required for regulatory, anti-fraud, and AML compliance.
  • Transactional/Payment Data: Retained for at least five (5) years post-transaction to meet financial and legal obligations.
  • Marketing Data: Retained until you withdraw consent or request deletion.
  • Technical & Behavioral Data: Retained for no more than two (2) years, unless required for a legal dispute or security investigation.
  • Deletion Criteria: Data is deleted or anonymized upon user request (where permissible), expiry of statutory retention period, or when processing is no longer necessary.

Regional Compliance Note: Retention policies align with the NZ Privacy Act 2020 and international gambling industry standards.

Your Rights

OBSERVE: All user rights under the NZ Privacy Act 2020 and EU GDPR are respected. EXPAND: Procedures are transparent and accessible. REFLECT: Users are empowered to control their personal information.

  1. Access: You have the right to obtain confirmation of whether we process your personal data and to access a copy of your data.
  2. Correction: You can request correction of inaccurate or incomplete personal information at any time.
  3. Deletion ("Right to Erasure"): You may request deletion of your data, subject to legal retention obligations.
  4. Restriction: You may request restriction of processing where accuracy is contested, processing is unlawful, or you have objected to processing.
  5. Objection: You may object to processing based on legitimate interests or direct marketing.
  6. Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
  7. Marketing Withdrawal: You may withdraw consent for marketing communications at any time via your account or by contacting our DPO.
  8. Procedures & Timelines: Submit requests via info@888-nz.com or support@888-nz.com. We will respond within 30 days, free of charge unless requests are manifestly unfounded or excessive.
  9. Legal References: Rights are granted under the NZ Privacy Act 2020, EU GDPR, and other applicable laws.

Regional Compliance Note: While 888-casino-new-zealand does not process data subject to Mexican law, all user rights equivalent to international best practices are honored.

Cookies & Tracking Technologies

OBSERVE: Full disclosure of all tracking mechanisms. EXPAND: Types, purposes, and management options are detailed. REFLECT: User autonomy and transparency are supported.

  • Session Cookies: Temporary cookies essential for site navigation and user authentication, deleted after browser closure.
  • Persistent Cookies: Remain on your device to remember preferences and improve future visits.
  • Third-Party Cookies: Analytics (e.g., Google Analytics), advertising networks, and affiliate partners to measure performance and personalize content.
  • Purposes: Site functionality, performance analytics, targeted advertising, fraud prevention, and user experience customization.
  • Management: Modify settings via your browser to block or delete cookies. Use our internal cookie panel to adjust preferences at any time (see Cookie Policy).

Data Security

OBSERVE: Data security is foundational to trust and compliance. EXPAND: Measures address technical, organizational, and regulatory risks. REFLECT: International standards and best practices are implemented.

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using advanced cryptographic protocols.
  • Access Controls: Strict role-based access, multi-factor authentication for staff, and regular permissions reviews.
  • Security Audits: Regular internal and third-party security audits and vulnerability assessments.
  • Staff Training: Mandatory privacy and security training for all employees and contractors.
  • Incident Response: Formal incident detection, escalation, and response processes, including notification procedures for affected users and authorities.
  • Compliance: Adherence to ISO 27001 and SOC 2 security standards where applicable.

Regional Compliance Note: Security practices are aligned with NZ Privacy Act 2020 and EU GDPR requirements.

Complaints & Contacts

OBSERVE: Multiple clear channels for submitting privacy-related queries or complaints. EXPAND: Escalation procedures and regulatory contacts are provided. REFLECT: Timely, transparent, and fair complaint handling is a core commitment.

  • Data Protection Officer (DPO): info@888-nz.com
  • Support Email: support@888-nz.com
  • Physical Address for Written Complaints: 601-701 Europort, Gibraltar, GX11 1AA
  • Online Feedback: Contact form is available via 888-nz.com (where specified).
  1. Submit Complaint: Email our DPO or support team with full details of your concern. You will receive an acknowledgment within 48 hours.
  2. Internal Review: We will investigate and respond within 30 days.
  3. Escalation: If unsatisfied, you may escalate to the NZ Privacy Commissioner (www.privacy.org.nz) or, where relevant, the Malta Gaming Authority (mga.org.mt) or eCOGRA ADR (ecogra.org).

Regional Compliance Note: All complaints are handled in line with the NZ Privacy Act 2020. Supervisory authority contact information is always provided for unresolved matters.

Updates

OBSERVE: Policy changes must be clearly communicated. EXPAND: Users are given advance notice and meaningful choices. REFLECT: Transparency and user control are ensured for all material changes.

  • Notification Procedures: Advance notice of at least 30 days for material changes via email, prominent website banners, and account dashboard alerts.
  • Changelog: All material changes are summarized with effective dates.
  • User Options: Users may object to significant changes or choose to close their account before changes take effect.
  • Version Control: Last updated: 6 November 2025.

Material Change Log: This version updates data retention periods, security standards, and expands information about international data transfers and user rights in line with NZ regulations.