Privacy Policy

This privacy policy is essential to inform players and visitors to cosmo-casino-new-zealand, accessible exclusively via cosmo-nz.com, about the collection, use, and protection of their personal information. It applies to anyone who accesses or uses the services of cosmo-casino-new-zealand through this platform. The effective date of this policy is 6 November 2025.

Who We Are

OBSERVE: The legal operator of cosmo-nz.com is a member of the Casino Rewards Group, operating under a valid online casino licence (No. 00884) issued by the Kahnawake Gaming Commission. As part of our compliance obligations, we disclose the following legal and contact details:

• Legal Name: Casino Rewards Group (operating brand: cosmo-casino-new-zealand for cosmo-nz.com)
• Game Licence: 00884 (Kahnawake Gaming Commission - valid as of 2025)
• Date Founded: 2017
• Parent Company: Casino Rewards Group
• Legal Address & Registration: Not specified; legal documentation maintained in compliance with licensing obligations. Jurisdiction: British Virgin Islands and Kahnawake regulatory oversight.
• Data Protection Officer (DPO): Riley Thompson
  Email: [email protected]
  Live Chat: https://cosmo-nz.com/livechat
• Website: https://cosmo-nz.com

All privacy-related matters should be directed to our Data Protection Officer using the email or live chat above. All requests are handled in accordance with New Zealand privacy law and our licensing conditions.

What Personal Data We Collect

OBSERVE: To operate online gambling services compliantly and securely, cosmo-casino-new-zealand collects several categories of personal data from users of cosmo-nz.com. Data is gathered at account registration, during gameplay, when making payments, or interacting with the website or support channels.

Categories of Data Collected

• Personal Identification Data: Full name, date of birth, residential address (as provided), email address, phone number.
• Verification/KYC Data: Copies of identification documents, proof of address, records required for regulatory compliance (including anti-money laundering laws).
• Technical Data: IP addresses, device identifiers, geolocation data (subject to consent), operating system, browser details, access logs.
• Payment & Financial Data: Credit/debit card details (tokenized where applicable), bank account numbers, payment processor transaction IDs, deposit/withdrawal records, wallet information.
• Behavioral & Usage Data: Betting history, transaction logs, gameplay interactions, user preferences, clickstream (navigation) data, referral data.
• Marketing & Communication Data: User communication preferences, records of marketing consent, survey responses.
• Cookies and Tracking Technologies: Data collected via cookies, web beacons, pixels, including browsing patterns and session activity (see "Cookies & Tracking Technologies" section).

We do not intentionally collect data from minors or unauthorised users. Data submitted through our support channels or as part of regulatory requests is processed in compliance with all applicable laws.

Legal Basis for Processing

OBSERVE: cosmo-casino-new-zealand processes user data on cosmo-nz.com strictly in accordance with New Zealand's Privacy Act 2020, sector-specific gambling requirements, and relevant provisions of the EU General Data Protection Regulation (GDPR) where applicable. All processing activities are justified by identifiable legal bases.

Legal Grounds for Data Processing

1. User Consent: Data processed for marketing communications or optional features is only handled where informed consent has been obtained. Consent can be withdrawn at any time via account settings or by contacting the DPO.
2. Contractual Necessity: Data is essential to deliver casino services (account creation, provision of games, transaction processing, support). Processing is required for fulfilment of contractual obligations between cosmo-casino-new-zealand and the user.
3. Legitimate Interests: We process data to prevent fraud, ensure platform security, improve our services, and for internal analytics, always ensuring these interests do not override user rights or freedoms.
4. Legal Obligations: Certain data is processed to comply with laws and regulatory frameworks (e.g., age verification, anti-money laundering checks, tax and reporting requirements, and responding to regulatory or law enforcement requests).

Protective Clauses: Data is never processed for purposes incompatible with the original collection grounds, and any change in legal basis will be communicated to users in advance.

Regional Compliance Note: Legal bases are aligned with NZ's Privacy Act, the Gambling Act 2003, and, where appropriate, GDPR standards for maximum user protection.

Purpose of Processing

OBSERVE: Data is processed only for clear and specific purposes, in alignment with industry standards and regulatory obligations. No data is used for unknown, unlawful, or unapproved means.

Main Purposes for Data Processing

• Account Management & Service Provision: To create, verify, and manage user accounts on cosmo-nz.com, facilitate gameplay, process deposits and withdrawals, and provide technical or customer support.
• Regulatory Compliance & Security: For mandatory identification, anti-fraud, KYC/AML checks, and to ensure the integrity of our gaming services.
• Service Quality & Improvement: To analyse gameplay patterns, monitor system performance, and develop enhancements or new features according to user feedback and platform analytics.
• Marketing & Communication (with consent): To send promotional offers, newsletters, and tailored content, subject to user's express consent and opt-out preferences.
• Analytics & Reporting: For compiling anonymous statistical reports to monitor trends, assess risk, and guide operational decision-making.
• Dispute Resolution: To manage and resolve user complaints, process claims, and respond to regulatory or enforcement requests.

We do not sell or lease user data to unauthorised third parties. All data usage abides by the stated purposes and is subject to continuous compliance monitoring.

Disclosure & Sharing

OBSERVE: As a responsible online casino, cosmo-casino-new-zealand restricts data sharing to trusted entities, strictly within legal obligations and user consent frameworks. All disclosures are governed by data processing agreements and subject to regulatory scrutiny.

Potential Recipients of Personal Data

• Payment Processors and Financial Institutions: To process deposits, withdrawals, and verify payment transactions in a secure manner.
• Service Providers and Platform Partners: Trusted third-party vendors engaged for customer support, IT infrastructure, security operations, analytics, game software, and compliance services (e.g., eCOGRA for fairness audits).
• Regulatory Authorities and Law Enforcement: Data shared to comply with legal requests, audits, reporting obligations, and licensing requirements under Kahnawake Gaming Commission and NZ laws.
• Affiliates and Advertising Networks (conditional): Data disclosed for marketing purposes only with specific user consent. Strict contractual controls ensure compliance.
• Corporate Group & Mergers: Data may be shared with entities within the Casino Rewards Group structure, or in connection with a business transfer, merger, or reorganisation (users will be notified in advance).

Protective Clauses: No data is sold to unauthorised parties. Recipients are contractually obliged to maintain data confidentiality and use the data only for the original stated purposes.

International Transfers

OBSERVE: cosmo-casino-new-zealand may transfer user data from New Zealand to other countries or regions as necessary to deliver its regulated services and fulfil contractual or regulatory obligations (for example, data may be processed in the British Virgin Islands, Canada, or countries where our data processors are based).

Data Transfer Safeguards

• Standard Contractual Clauses: Where data is transferred outside New Zealand (including to partners in the EU, Canada, or other jurisdictions), we implement legally recognised contractual safeguards to ensure your data receives equivalent protection as mandated by New Zealand's Privacy Act 2020 and, where relevant, GDPR.
• Reputable Processors: All third-party service providers are vetted for compliance with applicable privacy and security regulations and are selected based on their ability to protect data to international best-practice standards.
• Additional Measures: Where required, encryption and pseudonymisation are applied to data in transit and at rest during cross-border transfers.

We monitor international regulatory developments to maintain cross-border data flow compliance and will communicate any changes in transfer mechanisms to users, as required by law.

Regional Compliance Note: Our international transfer obligations are tailored to the needs of New Zealand users and overseen by Kahnawake and applicable international standards.

Data Retention

OBSERVE: Personal data at cosmo-casino-new-zealand is retained only as long as necessary for the stated purposes, to comply with legal or regulatory requirements, or as required for dispute resolution and fraud prevention. Our retention schedules reflect both New Zealand law and best industry practice.

Key Retention Periods and Deletion Criteria

• Personal Identification & KYC Data: Retained for up to 5 years following account closure, or longer if required by law or regulatory investigation.
• Transaction and Financial Data: Maintained for at least 7 years after transaction for tax and anti-fraud compliance (subject to regulatory changes).
• Marketing & Communication Preferences: Retained until withdrawal of consent or closure of account.
• Technical, Analytical, and Behavioral Data: Held for up to 2 years after account inactivity, subject to anonymisation or aggregation where possible.

Deletion and Anonymisation Process: Upon request, or once retention obligations expire, personal data is securely deleted or irreversibly anonymised (except where ongoing legal/regulatory proceedings prevent deletion).

Your Rights

OBSERVE: As a user of cosmo-casino-new-zealand on cosmo-nz.com, you have expansive legal rights over your personal data under the New Zealand Privacy Act 2020 and, where applicable, the EU GDPR. We support free, accessible mechanisms for you to exercise these rights, subject to verification and legal limits.

User Rights Overview

1. Right of Access: Request confirmation of whether your data is processed and receive a copy of your personal data held in our systems.
2. Right to Rectification: Correct any inaccurate or incomplete personal information by contacting [email protected] or via the live chat portal.
3. Right to Deletion ("Right to Be Forgotten"): Request the deletion or anonymisation of your data, except where retention is required by law.
4. Right to Restriction: Limit the processing of your data while a dispute or verification is underway.
5. Right to Object: Object to certain processing activities, including direct marketing or data profiling, at any stage by contacting our DPO.
6. Right to Data Portability: Receive a machine-readable copy of your data or request secure transmission to another provider, as permitted by law.
7. Right to Withdraw Consent: Withdraw marketing or other non-essential data processing consent at any time via account dashboard or by emailing [email protected].
8. Additional Protections: Prompt notification of data breaches affecting your personal information and access to dispute escalation with regulatory authorities.

How to Exercise Your Rights

• Submit a request to [email protected] or via live chat.
• We will verify your identity and respond within 30 days, free of charge, unless exceptional legal factors apply (in which case you will be notified).
• User rights may be subject to certain limitations where regulatory or legal obligations require continued data processing or retention.

Regional Compliance Note: cosmo-casino-new-zealand is fully aligned with the NZ Privacy Act 2020, and incorporates GDPR principles where applicable for maximum user transparency and protection.

Cookies & Tracking Technologies

cosmo-casino-new-zealand, through cosmo-nz.com, uses cookies and tracking technologies to enhance user experience, ensure secure operation, and deliver relevant content.

Types and Purposes of Cookies Used

• Session Cookies: Temporarily stored for secure navigation and session management; expire after browser closure.
• Persistent Cookies: Remain in the browser for a defined period to save login preferences and personalise site content.
• Third-Party Cookies: Provided by analytics vendors (e.g., Google Analytics), affiliate networks, and advertising partners (with user consent), enabling insight into site usage and effectiveness of marketing campaigns.

Cookie Management Options

• Control cookie preferences using your browser's privacy settings or the internal cookie management panel provided on cosmo-nz.com.
• Blocking or disabling certain cookies may impact site functionality, including login, game access, and transactional security.
• Refer to our Cookie Policy, accessible from every page of cosmo-nz.com, for detailed management guides.

Data Security

OBSERVE: Security of user data is foundational for cosmo-casino-new-zealand's operations and required by both NZ and international standards. Our systems and procedures are designed to mitigate all foreseeable risks to the confidentiality, availability, and integrity of your data.

Comprehensive Security Measures

1. TLS 1.2+ Encryption: All data transmissions between your device and cosmo-nz.com are protected using advanced TLS protocols to prevent interception.
2. Data Encryption at Rest and in Transit: Sensitive personal and payment data are encrypted during storage and transmission. Access to data is strictly restricted to authorised personnel under robust access controls.
3. Multi-Factor Authentication (MFA): Mandatory for staff access to sensitive systems. Users are encouraged to activate MFA for their own accounts.
4. Regular Security Audits: We conduct comprehensive audits, vulnerability scans, and penetration testing to identify and remediate risks. Certification by eCOGRA confirms operational fairness and security.
5. Staff Training & Awareness: All staff undergo ongoing privacy and security training, including secure handling of user data and incident response protocols.
6. Incident Response: Established procedures are in place for investigating, containing, and communicating about data breaches in line with NZ and international regulations.
7. International Compliance: Security practices are aligned with ISO 27001 and SOC 2 standards, to the extent applicable for a licensed online gambling platform.

Any known or suspected breach of user data will be promptly notified to affected individuals and appropriate regulators in accordance with legal obligations.

Complaints & Contacts

OBSERVE: cosmo-casino-new-zealand is committed to transparent and responsive handling of privacy enquiries and complaints received via cosmo-nz.com. Direct and structured complaint channels are provided below.

How to Lodge a Complaint

• Email: Send details of your complaint to [email protected].
• Live Chat: Submit through our secure portal at https://cosmo-nz.com/livechat.
• Postal Address: (If required, address will be provided by DPO upon verified request.)

Complaint Procedure

1. Detail your concerns or request in writing, including any supporting documentation.
2. Our DPO or support team will acknowledge receipt within 5 business days and investigate the matter thoroughly.
3. A substantive response will be provided within 30 days. If a delay is expected, interim updates will be communicated.
4. If you are unsatisfied with the response or resolution, you may escalate your complaint to a relevant privacy supervisory authority.

Escalation to Supervisory Authorities

• New Zealand Office of the Privacy Commissioner
  https://privacy.org.nz
  Phone: 0800 803 909
• Kahnawake Gaming Commission (Gaming-related issues)
  https://www.gamingcommission.ca
• For European residents, complaints may be raised with the relevant EU data protection authority where applicable.

Updates

OBSERVE: Our privacy policy is subject to periodic review and update to ensure continuing legal compliance and to reflect operational or regulatory changes affecting cosmo-casino-new-zealand on cosmo-nz.com.

• Notification Procedures: Users will be informed of updates via email, on-site banners, and account dashboard alerts at least 30 days before significant changes take effect.
• User Options: If you object to any material change, you may close your account without penalty or contact our DPO to discuss concerns before the update becomes effective.
• Version Control: This policy is versioned and timestamped.
  Last updated: 6 November 2025
• Changelog of Material Changes: Substantive modifications are summarised at the top of the policy for user reference.

This privacy policy remains binding as long as you continue to use cosmo-casino-new-zealand services via cosmo-nz.com. We encourage users to check this page regularly for updates.