burger icon
Ruby Fortune Casino New Zealand
Log In

Privacy Policy

This Privacy Policy explains how personal information is collected, used, and protected when you use ruby-fortune-nz.com. The policy applies to all players and website visitors engaging with ruby-fortune-casino-new-zealand. Effective as of 6 November 2025, this document outlines your rights, our obligations, and the measures we take to comply with the Privacy Act 2020 (NZ), Gambling Act 2003 (NZ), and applicable international standards.

Who We Are

OBSERVE: The operator of ruby-fortune-casino-new-zealand is Bayton Ltd, a company registered in Malta, providing online casino services to New Zealand residents through ruby-fortune-nz.com.
EXPAND: Legal obligations require clear disclosure of ownership and contact information for privacy matters.
REFLECT: Users are entitled to know the entity responsible for data processing and how to reach the Data Protection Officer (DPO).

  • Legal Entity: Bayton Ltd (The Palace Group)
  • Registered Address: Villa Seminia, 8, Sir Temi Zammit Avenue, Ta' Xbiex XBX1011, Malta
  • Company Registration Number: C41970
  • Licensing: Licensed by Malta Gaming Authority (MGA/B2C/145/2007, valid through 2025) and Kahnawake Gaming Commission (00892, valid through 2025)
  • Data Protection Department Contact:

Regional Compliance Note: NZ residents are served by a Malta-based entity, with all data processing and privacy matters overseen by Bayton Ltd as required by New Zealand and EU law.

What Personal Data We Collect

OBSERVE: Data collection is required for account operation, legal compliance, and service improvement.
EXPAND: All categories of personal, technical, and behavioral data must be identified to fulfill transparency obligations.
REFLECT: The following categories are collected and processed by ruby-fortune-casino-new-zealand:

  • Personal Identification Data: Full name, date of birth, address, email, phone number, government-issued ID (for KYC/AML compliance).
  • Account Data: Username, password (encrypted), account status, communication preferences.
  • Technical Data: IP address, device identifiers, browser type, operating system, access times, log files.
  • Payment Data: Payment method details (credit/debit card, bank account, e-wallet), transaction history, withdrawal and deposit records.
  • Behavioral Data: Gaming and betting history, site navigation, clicks, session activity.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party analytics and advertising cookies (see "Cookies & Tracking Technologies" below).

All collected data is limited to that which is necessary for the purposes outlined in this policy and is protected in accordance with applicable laws.

Legal Basis for Processing

OBSERVE: Data processing by ruby-fortune-casino-new-zealand must rest on lawful grounds under the NZ Privacy Act 2020, the EU GDPR (where applicable), and gambling regulations.
EXPAND: Each processing purpose is mapped to a specific legal basis to ensure transparency and user protection.
REFLECT: The main legal bases are as follows:

  • User Consent: Obtained for marketing communications, cookie placement, and certain data analytics. You may withdraw consent at any time.
  • Contractual Necessity: Processing required to create and maintain your account, verify identity, process payments, and provide customer support.
  • Legal Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), responsible gambling, and regulatory reporting requirements.
  • Legitimate Interests: Prevention of fraud, ensuring system security, optimizing website performance, and conducting data analytics (balanced against your fundamental rights).

Data is not used for automated decision-making without appropriate safeguards and notice.

Purpose of Processing

OBSERVE: The purposes for which data is processed must be clearly articulated to fulfill legal clarity and user expectation.
EXPAND: All operational, legal, and commercial reasons for data use are disclosed.
REFLECT: Data collected by ruby-fortune-casino-new-zealand on ruby-fortune-nz.com is processed for:

  • Account Creation and Management: Verifying identity, managing access, and facilitating secure gameplay.
  • Transaction Processing: Enabling deposits, withdrawals, and payment reconciliation.
  • Regulatory Compliance: Satisfying KYC, AML, and responsible gambling requirements.
  • Service Improvement: Analyzing use data to optimize user experience and platform performance.
  • Marketing and Communications: Sending promotional offers (subject to consent), service notifications, and updates.
  • Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent or unauthorized activity.
  • Analytics and Reporting: Aggregating data for business intelligence, performance monitoring, and regulatory reporting.

All processing is limited to purposes disclosed in this policy. Data is never sold to third parties.

Disclosure & Sharing

OBSERVE: Legal requirements mandate clear disclosure of potential data recipients.
EXPAND: Data disclosures may occur to fulfill contractual and regulatory obligations.
REFLECT: ruby-fortune-casino-new-zealand may share personal data as follows:

  • Payment Partners: Banks, payment processors, and financial institutions to process deposits and withdrawals.
  • Service Providers: IT hosting, platform management, analytics, customer support, and verification service vendors (bound by confidentiality obligations).
  • Regulatory Authorities: New Zealand Department of Internal Affairs, Malta Gaming Authority, Kahnawake Gaming Commission, and other supervisory bodies as required by law.
  • Affiliates: Parent and group companies (Bayton Ltd, Spin Casino, JackpotCity) solely for operational purposes and only as permitted by law.
  • Advertising Networks: With your explicit consent, limited sharing of anonymized or pseudonymized data for marketing and advertising.

All data recipients are contractually obligated to implement robust data protection and security measures. Data will never be disclosed for unrelated commercial purposes.

International Transfers

OBSERVE: As a Malta-based operator serving New Zealand, cross-border transfers are inherent to operations.
EXPAND: Legal safeguards must be applied to all transfers outside New Zealand and the EU.
REFLECT: Personal data may be transferred to the following regions:

  • European Union (Malta): Main data processing and storage location. Protected by GDPR-aligned safeguards.
  • Canada (Kahnawake): For regulatory compliance and gaming operations, subject to Kahnawake personal data laws.
  • Other Jurisdictions: Data may be accessed by service providers in secure, regulated environments.

Protection Measures:

  • Standard Contractual Clauses (SCCs) for non-EEA transfers
  • Binding corporate rules and strict confidentiality agreements
  • Technical and organizational safeguards (encryption, access controls)

Transfers are always conducted in compliance with the NZ Privacy Act 2020, GDPR, and any other applicable regulations. You may request further information about transfer mechanisms via our DPO contact.

Data Retention

OBSERVE: Data retention periods must comply with regulatory minimums and be disclosed transparently.
EXPAND: Different categories require distinct retention schedules.
REFLECT: ruby-fortune-casino-new-zealand retains data as follows:

  • Personal Identification Data: Retained for up to 5 years after account closure to meet AML/KYC obligations and resolve disputes.
  • Payment and Transaction Data: Stored for a minimum of 5 years post-transaction, in line with financial regulations.
  • Account and Activity Data: Maintained for active accounts and deleted within 12 months of request or inactivity, unless retention is required by law.
  • Marketing Preferences: Retained until withdrawal of consent or account closure.
  • Cookies and Analytics Data: Retained according to cookie type (see "Cookies" section), never exceeding 2 years.

Deletion Criteria: Data is deleted or anonymized upon user request (where permitted), expiration of legal obligations, or when processing purposes have ended. Backups are securely erased according to industry standards.

Your Rights

OBSERVE: Users are entitled to a comprehensive suite of rights under the NZ Privacy Act 2020, the EU GDPR, and, where applicable, international standards.
EXPAND: All rights must be clearly described with practical exercise instructions and statutory timeframes.
REFLECT: As a user of ruby-fortune-casino-new-zealand on ruby-fortune-nz.com, you have the following rights:

  1. Right of Access: Request a copy of all personal data held about you.
  2. Right to Correction: Request correction of incomplete or inaccurate data.
  3. Right to Deletion ("Right to be Forgotten"): Request deletion of your data where no longer needed or where processing is unlawful, subject to regulatory retention requirements.
  4. Right to Restrict Processing: Request limitation of processing in certain circumstances (e.g., contesting accuracy, objecting to use).
  5. Right to Object: Object to processing based on legitimate interests, including marketing communications (opt-out at any time).
  6. Right to Data Portability: Request your data in a structured, machine-readable format and transmit it to another provider.
  7. Right to Withdraw Consent: Withdraw consent for marketing or non-essential data processing at any time.

Procedures for Exercising Your Rights

  • Submit requests via email to support@ruby-fortune-nz.com or the online contact form.
  • All requests are processed free of charge within 30 days, except where excessive or manifestly unfounded (in which case a reasonable fee may be charged or the request refused with explanation).
  • Identity verification may be required before fulfilling your request to protect your privacy.

Regional Compliance Note: While ruby-fortune-casino-new-zealand is a Malta-based provider, all user rights are aligned with the NZ Privacy Act 2020 and, where relevant, the EU GDPR. Users may also have recourse to international data protection supervisory authorities.

Cookies & Tracking Technologies

OBSERVE: Use of cookies is standard for online casinos, requiring full disclosure and user control options.
EXPAND: Cookie types, purposes, and management options must be explained for transparency and compliance.
REFLECT: ruby-fortune-casino-new-zealand uses the following cookies on ruby-fortune-nz.com:

  • Session Cookies: Enable basic site functionality and expire when you close your browser.
  • Persistent Cookies: Remember your settings, preferences, and login status for up to 2 years.
  • Third-Party Cookies: Used by analytics (e.g., Google Analytics) and advertising partners (only with your consent).

Cookie Purposes

  • Functional: Site navigation, account login, user authentication.
  • Analytics: Measuring website performance and user behavior to improve services.
  • Advertising: Delivering relevant marketing messages, only with explicit consent.

Managing Cookies

  • Adjust browser settings to accept, reject, or delete cookies.
  • Use the cookie management panel on ruby-fortune-nz.com to set your preferences.
  • Blocking cookies may affect site functionality; essential cookies cannot be disabled.

Data Security

OBSERVE: Protecting user data is a legal and operational imperative.
EXPAND: Legal standards require disclosure of technical and organizational security measures.
REFLECT: ruby-fortune-casino-new-zealand implements the following:

  • Encryption: All data is protected using TLS 1.2+ in transit and AES-256 encryption at rest.
  • Access Controls: Role-based access, two-factor authentication, and strict user privilege management.
  • Security Audits: Regular penetration testing and compliance audits (ISO 27001, SOC 2 where applicable).
  • Incident Response: Dedicated response procedures for potential data breaches, including user notification within statutory timeframes.
  • Staff Training: Ongoing employee training in data protection, privacy law, and cyber security best practices.

Security measures are regularly reviewed and updated to respond to evolving threats and regulatory requirements.

Complaints & Contacts

OBSERVE: Users must have accessible channels to raise privacy concerns.
EXPAND: Legal standards require responsive complaint processes and escalation mechanisms.
REFLECT: Complaints regarding privacy or data handling may be submitted as follows:

  1. Contact Points:
  2. Complaint Procedure:
    1. Submit your complaint via any contact method above, providing full details of your concern.
    2. All complaints are acknowledged within 5 business days and investigated promptly.
    3. A substantive response will be provided within 30 days. If more time is required, you will be informed in writing.
    4. If unsatisfied, you may escalate to the Data Protection Officer or relevant supervisory authority.
  3. Supervisory Authorities:
    • New Zealand Office of the Privacy Commissioner
      Website: privacy.org.nz
      Phone: +64 4 474 7590
      Email: enquiries@privacy.org.nz
    • Malta Office of the Information and Data Protection Commissioner
      Website: idpc.org.mt
      Phone: +356 2328 7100
    • EU Supervisory Authorities: For EU-based users, contact your local authority as listed at edpb.europa.eu

We are committed to resolving all privacy concerns fairly and transparently.

Updates

OBSERVE: Users must be informed of changes to the privacy policy.
EXPAND: Legal standards require advance notice for material changes and version tracking.
REFLECT: ruby-fortune-casino-new-zealand will update this policy as necessary to reflect legal, regulatory, and operational changes:

  • Notification Procedures: Material changes are communicated via email (if available), website banners, and account dashboard alerts.
  • Version Control: Last updated: 6 November 2025. A changelog of material updates will be maintained at the end of this policy.
  • Advance Notice: Significant changes are notified at least 30 days in advance. Users may object to changes or close their account before updates take effect.
  • Continued Use: Continued use of ruby-fortune-nz.com after the effective date of an update constitutes acceptance of the revised policy.

Changelog: All material changes and their effective dates will be recorded and available upon request.