Privacy Policy

This Privacy Policy explains how one-casino-new-zealand, operating through onecasino-nz.com, collects, uses, shares, and protects your personal information. It applies to all players and visitors using our services and website. Effective as of 6 November 2025, this Policy ensures compliance with all applicable New Zealand privacy laws and international industry standards.

Who We Are

OBSERVE: Identification of legal operator, address, and contact points (LoT phase 1).
EXPAND: Inference of DPO role and regulatory registration requirements for transparency and accountability (LoT phase 2).
REFLECT: Full legal disclosure and contact integration for user rights and compliance inquiries (LoT phase 3).

• Operator Name: One Casino Limited (Ltd.), a company registered in Malta (Company No. C 73399).
• Registered Address: Level 8 The Centre, IX-XATT TA' TIGNE', SLIEMA, TPO 0001, Malta.
• Licensed Activity: Type 1 Gaming Services (Casino, Lotteries), under Malta Gaming Authority License MGA/B2C/327/2016, valid through 2025.
• Contact for Data Protection:
  • Data Protection Officer (DPO): Sophie Thompson (acting contact), One Casino Limited, Level 8 The Centre, IX-XATT TA' TIGNE', SLIEMA, TPO 0001, Malta.
  • Email:
  • Phone:

Regional Compliance Note: For New Zealand clients, our operations comply with the NZ Privacy Act 2020 and international standards applicable to remote gambling services.

What Personal Data We Collect

OBSERVE: Data categories specified for online gambling under NZ and EU law.
EXPAND: Identification of all relevant data points (explicit and implicit) required for service delivery, security, and compliance.
REFLECT: Structured listing of data types with legal context and user clarity.

• Personal Identification Data: Full name, date of birth, residential address, email, phone number, and government-issued identification.
• Technical and Device Data: IP address, browser type, device identifiers, operating system, access logs, and session information.
• Payment and Financial Data: Credit/debit card details, bank account information, transaction records, and payment history.
• Behavioral Data: Account activity, bet and game history, clickstream data, and preferences related to site usage.
• Cookies and Tracking: Unique cookie IDs, session and persistent cookies, analytics data, and tracking technologies (see "Cookies & Tracking Technologies" below).

Legal Obligation: All data collected is necessary to provide regulated gambling services, comply with KYC/AML laws, and maintain site integrity.

Legal Basis for Processing

OBSERVE: Legal grounds under NZ Privacy Act 2020 and EU GDPR (applied extraterritorially).
EXPAND: Connection of user consent, contract, legal obligations, and legitimate interest rationale.
REFLECT: Precise explanation of processing bases, as required by law for transparency and defensibility.

• User Consent: Where required, we process your data based on your explicit agreement (e.g., marketing communications, cookies).
• Contractual Necessity: Processing is required to provide gaming services, manage your account, process payments, and fulfill our contractual obligations.
• Legal Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), tax reporting, and gambling regulations in New Zealand and Malta.
• Legitimate Interests: Preventing fraud and abuse, maintaining IT security, optimizing our services, and conducting statistical analysis, provided your fundamental rights are not overridden.

Protective Clause: We do not process personal data for purposes incompatible with these legal bases without your explicit consent.

Purpose of Processing

OBSERVE: Core operational, compliance, and marketing purposes.
EXPAND: Explicit statement of intended data uses, as mandated for lawful processing.
REFLECT: Transparent listing for user understanding and regulatory auditability.

• Providing Casino Services: Account creation, identity verification, facilitating deposits/withdrawals, game access, and customer support.
• Improving Services: Monitoring site performance, troubleshooting issues, and enhancing user experience through analytics and feedback.
• Marketing and Promotions: Sending promotional emails, offers, and personalized content (with explicit user consent and opt-out options).
• Risk and Fraud Prevention: Monitoring for suspicious activities, enforcing responsible gambling policies, and upholding site security.
• Regulatory Compliance: Fulfilling obligations under NZ and international gambling, anti-fraud, and anti-money laundering laws.

Disclosure & Sharing

OBSERVE: Parties and circumstances where data sharing is legal or required by contract.
EXPAND: Inclusion of all possible data recipients (internal/external), including regulators and ADR bodies.
REFLECT: Full transparency for user awareness and legal compliance.

• Payment Partners: Banks and payment processors to facilitate deposits and withdrawals.
• Service Providers: IT hosting, analytics, marketing, and software vendors under strict confidentiality obligations.
• Regulatory Authorities: Malta Gaming Authority, NZ regulatory bodies, tax agencies, and law enforcement upon lawful request.
• Affiliates and Subsidiaries: Entities such as Fruity Reels, 1xSlot, Vegas Baby, and Casino Land, strictly for operational or compliance purposes.
• Advertising Networks: Only with your explicit consent for targeted marketing.
• Alternative Dispute Resolution (ADR): eCOGRA for dispute handling as mandated by licensing authority.

Protective Clause: All third parties must adhere to confidentiality and data protection agreements consistent with this Policy.

International Transfers

OBSERVE: Data transfer requirements for cross-border operations.
EXPAND: Identify transfer mechanisms and legal safeguards.
REFLECT: Ensure lawful transfer and user awareness.

• Destination Countries: Personal data may be transferred to Malta (headquarters), the European Economic Area (EEA), and other jurisdictions where our partners or service providers operate.
• Safeguards: All transfers employ legally recognized mechanisms, such as Standard Contractual Clauses (SCCs) and binding corporate rules. Data is never transferred to countries lacking adequate protection unless additional safeguards are in place and permitted by law.

Regional Compliance Note: All international transfers comply with NZ Privacy Act 2020, EU GDPR, and other applicable cross-border data protection standards.

Data Retention

OBSERVE: Legal minimum and maximum retention periods for gambling operations.
EXPAND: Criteria for retention and secure deletion.
REFLECT: User clarity and legal defensibility.

• Personal Data Retention: We retain personal, identification, and transactional data for a maximum of 5 years after account closure or last user activity, as required by NZ law and international standards.
• Deletion Criteria: Data is deleted when:
  • Legal retention periods expire
  • User requests erasure (subject to legal obligations)
  • Data is no longer necessary for the purposes collected
• Exceptions: If required by regulatory authorities, certain data may be retained for longer periods to comply with ongoing investigations or legal proceedings.

Protective Clause: All deletions are performed securely and irreversibly, in accordance with industry standards.

Your Rights

OBSERVE: NZ Privacy Act 2020, EU GDPR, and regional rights alignment.
EXPAND: Comprehensive description of rights, procedures, and timeframes.
REFLECT: User empowerment and legal compliance.

1. Right of Access: You may request a copy of your personal data held by one-casino-new-zealand at any time.
2. Right to Rectification: You may request correction of inaccurate or incomplete data.
3. Right to Erasure ("Right to be Forgotten"): You may request deletion of your data, subject to legal retention obligations.
4. Right to Restriction: You may request limitation of processing in specific circumstances.
5. Right to Object: You may object to processing based on legitimate interests or for marketing purposes.
6. Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format.
7. Right to Withdraw Consent: You may withdraw consent for marketing or other activities at any time, without affecting lawfulness of prior processing.
8. Procedures: Requests can be made free of charge by contacting our DPO (see "Complaints & Contacts"). We respond within 30 days of receipt, unless legally justified extensions apply.
9. Additional Protections: All rights are subject to limitations by applicable law, including NZ Gambling Act and international obligations.

Regional Compliance Note: This policy aligns with the NZ Privacy Act 2020 and EU GDPR provisions. For users in other jurisdictions, rights may vary as required by local law.

Cookies & Tracking Technologies

OBSERVE: Cookie types and purposes per NZ and EU cookie law.
EXPAND: User control and opt-out mechanisms.
REFLECT: User transparency and regulatory alignment.

• Session Cookies: Temporary cookies used for secure log-in and navigation during your session.
• Persistent Cookies: Remain on your device after the session to remember preferences and facilitate faster logins.
• Third-Party Cookies: Set by analytics, marketing, and affiliate networks (e.g., Google Analytics), only with user consent.
• Purposes: Functional (site operation), Analytics (usage statistics), Advertising (personalized offers, only if opted in).
• Cookie Management: You can manage or disable cookies via browser settings or through our internal cookie consent panel available on onecasino-nz.com.

Legal Obligation: Use of non-essential cookies is subject to your informed consent, and you may withdraw consent at any time.

Data Security

OBSERVE: Security measures mandated by industry standards and NZ law.
EXPAND: Integration of technical, organizational, and procedural safeguards.
REFLECT: User protection and regulatory compliance.

• Encryption: All data in transit is secured using TLS 1.2 or higher; sensitive data at rest is encrypted with industry-standard algorithms.
• Authentication and Access Controls: Multi-factor authentication (MFA) for staff; strict role-based access to sensitive data.
• Security Audits: Regular internal and external security assessments, including compliance with ISO 27001 and SOC 2 standards where applicable.
• Staff Training: Ongoing staff education on privacy, security, and incident response protocols.
• Incident Response: Comprehensive response plan, including prompt notification to users and regulators in the event of a data breach, as required by law.

Protective Clause: While we employ robust safeguards, no online system is completely immune from risks. Users are encouraged to use strong passwords and contact us immediately if they suspect unauthorized access.

Complaints & Contacts

OBSERVE: Multiple complaint channels and escalation mechanisms.
EXPAND: Inclusion of all available contact points, timelines, and supervisory authority details.
REFLECT: User empowerment and dispute transparency.

• Internal Complaints:
  • Contact our DPO, Sophie Thompson, via the website contact form or through support on onecasino-nz.com.
  • Complaints may also be submitted by post to: One Casino Limited, Level 8 The Centre, IX-XATT TA' TIGNE', SLIEMA, TPO 0001, Malta.
• Procedure:
  1. Submit your complaint or inquiry with supporting details.
  2. We acknowledge receipt within 5 business days.
  3. We aim to resolve all issues within 30 days; complex matters may require additional time, with progress updates provided.
• Escalation:
  • If you are unsatisfied, you may escalate your complaint to the Office of the Privacy Commissioner (NZ): www.privacy.org.nz, email: enquiries@privacy.org.nz, phone: 0800 803 909.
  • For EU-related matters, contact the Malta Data Protection Authority: www.idpc.org.mt.
  • For gambling disputes, eCOGRA ADR is available at ecogra.org/ata/dispute.php.

All communications are handled confidentially and in accordance with this Privacy Policy.

Updates

OBSERVE: User notification and version control requirements.
EXPAND: Advance notice, changelog, and opt-out mechanisms.
REFLECT: Transparent and user-centric update process.

• Notification: Material changes to this Policy will be communicated via email (where available), website banners, and within your account dashboard.
• Version Control: Last updated: 6 November 2025. All previous versions are archived for reference.
• Changelog: Significant updates include extension of data retention periods, expanded user rights, and enhanced security disclosures.
• Advance Notice: For significant changes, we provide at least 30 days' notice before implementation.
• User Options: You may object or request account closure before new terms take effect, without penalty.

For questions or concerns regarding updates, contact our Data Protection Officer via the channels provided above.