burger icon
Christchurch Casino
Log In

Privacy Policy

This privacy policy explains how christchurch-casino, operating exclusively via christchurchs.com, collects, uses, discloses, and protects personal data of players and visitors to our websites and services. This policy applies to all users of christchurchs.com and associated online platforms as of 6 November 2025. It is designed to ensure transparency and compliance with the New Zealand Privacy Act 2020, the Gambling Act 2003, and relevant international standards.

Who We Are

OBSERVE: christchurch-casino is operated by Christchurch Casinos Limited, a limited liability company registered in New Zealand. EXPAND: Our registered office and headquarters are located at 30 Victoria Street, Christchurch Central, Christchurch 8013, New Zealand. We are licensed and regulated by the New Zealand Gambling Commission under Casino Venue and Operator's Licences (valid until 2033, see licence details). REFLECT: For all privacy-related inquiries or to contact our Data Protection Officer (DPO), please use:

  • Legal Name: Christchurch Casinos Limited
  • Company Registration Number: 9429039055262
  • Registered Address: 30 Victoria Street, Christchurch Central, Christchurch 8013, New Zealand
  • DPO Contact: Email: info@christchurchs.com; Phone: +64 3 365 9999
  • Contact Form: christchurchcasino.co.nz/contact/

What Personal Data We Collect

OBSERVE: We collect personal and technical data necessary for lawful casino operations. EXPAND: Data categories reflect both regulatory requirements and operational needs. REFLECT: Data collected includes:

  • Personal Identification Data: Full name, date of birth, government-issued ID details, physical address, email address, phone number.
  • Account and Transaction Data: Username, account credentials, transactional history, bet history, payment method details (excluding full payment card numbers).
  • Technical Data: IP address, device type, operating system, browser type, access timestamps, system logs.
  • Behavioral Data: Betting patterns, game selection, clickstream data, session duration, interaction logs.
  • Cookies and Similar Technologies: Session identifiers, persistent cookies, analytics cookies, advertising pixels (see "Cookies & Tracking Technologies" below).

We do not intentionally collect sensitive personal data unless required by law (e.g., for identity verification under KYC/AML rules).

Legal Basis for Processing

OBSERVE: All data processing activities are grounded in NZ law and applicable legal principles. EXPAND: Legal bases are identified in accordance with the Privacy Act 2020, Gambling Act 2003, and relevant contractual obligations. REFLECT: We process your personal data based on:

  • User Consent: For optional marketing communications, cookies, or where required for non-essential processing.
  • Contract Fulfilment: To establish, manage, and maintain your account, process payments, and provide casino services as per our terms and conditions.
  • Legal Obligations: Compliance with KYC (Know Your Customer), AML (Anti-Money Laundering), and reporting duties to regulators under NZ law.
  • Legitimate Interests: To prevent fraud, ensure security, conduct analytics and improve service quality, provided such interests are not overridden by your rights and freedoms.

Where we request your consent for specific data uses, you may withdraw it at any time without affecting the lawfulness of earlier processing.

Purpose of Processing

OBSERVE: Data is processed for operational, legal, and user experience purposes. EXPAND: Each purpose is aligned with regulatory and business needs. REFLECT: We use your data to:

  • Provide and Manage Casino Services: Account registration, verification, gameplay, transaction processing, and customer support.
  • Enhance and Improve Services: Internal analytics, service optimization, and user feedback analysis.
  • Marketing and Communications: Sending newsletters, promotional offers, and service updates (subject to opt-in consent).
  • Fraud Prevention & Risk Management: Monitoring and investigating suspicious activity, enforcing responsible gambling policies.
  • Legal Compliance: Meeting KYC/AML obligations, responding to lawful requests from authorities.

Disclosure & Sharing

OBSERVE: Data sharing is limited to necessary partners and legal requirements. EXPAND: Explicit and implicit obligations require careful disclosure management. REFLECT: We may disclose your data to:

  • Payment Service Providers: To process deposits and withdrawals securely.
  • Technology and Business Partners: Providers of IT, hosting, analytics, and customer support services under binding confidentiality agreements.
  • Regulatory Authorities: New Zealand Gambling Commission and other lawful authorities as required for compliance.
  • Affiliates and Marketing Partners: Only with your explicit consent for promotional activities.
  • Legal Advisors and Auditors: For legal compliance, dispute resolution, and regulatory reporting.

We do not sell or rent personal data. All third parties are contractually obligated to maintain data security and confidentiality.

International Transfers

OBSERVE: Data is mainly processed in New Zealand, but some partners may be located overseas. EXPAND: Transfers are governed by contractual and regulatory safeguards. REFLECT: Where personal data is transferred outside New Zealand (e.g., for cloud services, analytics), we ensure:

  • Use of Standard Contractual Clauses or Equivalent Protections: Ensuring data receives an adequate level of protection in line with NZ Privacy Act 2020 and relevant international standards.
  • Vendor Due Diligence: Prior assessment of third-party security and privacy practices.
  • User Notification: Users will be informed if new international data transfer arrangements are established.

Transfers to jurisdictions without comparable privacy laws are only made with additional safeguards or your explicit consent.

Data Retention

OBSERVE: Retention periods are set according to legal and operational requirements. EXPAND: All retention is justified and time-limited. REFLECT:

  • Account and Transaction Data: Retained for up to 5 years after account closure or last transaction, in accordance with KYC/AML and regulatory recordkeeping requirements.
  • Marketing Data: Retained until you withdraw consent or unsubscribe.
  • Technical and Behavioral Data: Retained as long as necessary for security, analytics, and service improvement purposes, typically up to 2 years.
  • Deletion Criteria: Data is deleted or anonymized upon expiry of retention periods, user request (subject to legal exceptions), or when processing purposes are fulfilled.

Data may be retained for longer where required to resolve disputes, enforce agreements, or comply with legal obligations.

Your Rights

OBSERVE: Users are granted comprehensive rights under the NZ Privacy Act 2020, with alignment to international (GDPR) standards. EXPAND: We ensure robust procedures for exercising rights. REFLECT: As a user of christchurchs.com, you have the right to:

  1. Access: Request confirmation of whether we process your personal data and receive a copy of your data.
  2. Correction: Request correction or update of inaccurate or incomplete personal data.
  3. Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  4. Restriction: Request limitation of data processing in specific circumstances (e.g., contesting accuracy, pending legal claims).
  5. Objection: Object to processing for direct marketing or where processing is based on legitimate interests.
  6. Data Portability: Request transmission of your data in a machine-readable format to another provider, where technically feasible.
  7. Withdraw Consent: Withdraw consent for marketing communications or other non-essential processing at any time.

Procedures: Submit requests via email (info@christchurchs.com), phone (+64 3 365 9999), or our contact form. We will respond within 30 days, free of charge, subject to verification of your identity. If your request cannot be fulfilled due to legal obligations, you will be informed of the reasons. You may also lodge complaints with the New Zealand Privacy Commissioner (privacy.org.nz).

Cookies & Tracking Technologies

OBSERVE: christchurchs.com uses cookies and similar technologies to support site functionality and analytics. EXPAND: Cookie usage is transparent and user-controlled. REFLECT:

  • Session Cookies: Essential for secure login and session management; deleted when you close your browser.
  • Persistent Cookies: Remember user preferences and settings for future visits; retained for up to 12 months.
  • Third-Party Cookies: Used for analytics (e.g., Google Analytics) and marketing with your consent.

You can manage or disable cookies via your browser settings or, where available, through our internal cookie preference panel. Note that disabling certain cookies may affect site functionality.

Data Security

OBSERVE: Data security is a critical obligation under NZ law and international standards. EXPAND: We deploy multi-layered measures to safeguard data. REFLECT: Our security controls include:

  • TLS 1.2+ Encryption: All data in transit is encrypted using industry-standard protocols.
  • Encryption at Rest: Sensitive data is encrypted when stored on our servers.
  • Multi-Factor Authentication: Applied for internal systems and, where available, for user accounts.
  • Strict Access Controls: Data access is limited to authorized personnel on a need-to-know basis.
  • Regular Security Audits and Penetration Testing: Ongoing assessment of IT systems for vulnerabilities.
  • Staff Training: Mandatory privacy and security training for all employees handling personal data.
  • Incident Response Procedures: Rapid containment and notification in the event of a data breach.
  • Compliance with Standards: Alignment with ISO 27001 and SOC 2 best practices where applicable.

Despite robust controls, no method of transmission or storage is completely secure. In the event of a significant data breach, affected users and authorities will be notified in accordance with NZ law.

Complaints & Contacts

OBSERVE: We provide accessible channels for complaints and feedback. EXPAND: Our complaint procedures are transparent and timely. REFLECT:

  1. Submit your complaint: Contact our DPO or use the contact form with details of your concern.
  2. Initial response: We aim to acknowledge all complaints within 5 business days and provide a substantive response within 30 days.
  3. Escalation: If you are dissatisfied with our response, you may escalate your complaint to the Privacy Commissioner (New Zealand Privacy Commissioner, privacy.org.nz, phone: +64 4 474 7590).

Your concerns are important to us, and we are committed to resolving all matters promptly and fairly.

Updates

OBSERVE: Policy changes are communicated transparently and in advance. EXPAND: Change management procedures are robust and user-centric. REFLECT:

  • Notification of Changes: Material changes to this policy will be communicated to users at least 30 days in advance via email, website banners, and/or account dashboard notifications.
  • User Options: You may object to significant changes or close your account before amendments take effect.
  • Version Control: This policy is versioned and includes a "Last updated" date. Material changes will be summarized in a changelog at the end of this document.

Last updated: 6 November 2025

Changelog: All substantive amendments since the previous version will be detailed here for user reference.