Privacy Policy

At Regal Rush Casino, we take your privacy seriously and we want you to understand exactly what happens with your personal information when you use our platform. This privacy policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over it. We comply with the New Zealand Privacy Act 2020 and align our practices with the General Data Protection Regulation (GDPR) where applicable, even for players outside the European Economic Area. We believe that strong data protection standards should apply universally, not just where a specific law demands it.

This policy applies to all personal data processed through our website (regalrush-nz.com), our mobile-optimised platform, our customer support channels, and any associated services. By registering an account, you acknowledge that you have read and understood this policy. If you disagree with any aspect of our data practices, please do not create an account. We update this policy periodically and will notify you of material changes via email or an on-site banner at least 14 days before the changes take effect. The current version is effective as of January 2026.

We collect personal data that you provide directly during registration and account management: your full name, date of birth, email address, phone number, residential address, and preferred currency. During the KYC verification process, we also collect copies of your government-issued photo ID and, when required, a recent utility bill or bank statement as proof of address. For deposits and withdrawals, we process payment details including credit/debit card numbers (partially masked and stored by our PCI DSS-compliant payment processor, not on our servers), e-wallet account identifiers, bank account details, and cryptocurrency wallet addresses.

We automatically collect technical and behavioural data when you use our platform. This includes your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on each page, games played, wager amounts, win/loss history, session durations, and interactions with our customer support team (chat transcripts and email correspondence). We collect this data through server logs, cookies, and similar tracking technologies described in Section 4 of this policy.

In certain circumstances, we may collect additional data for anti-fraud and anti-money laundering purposes. This can include enhanced due diligence (EDD) documentation such as source of funds declarations, employment details, and additional identity documents. We only request this information when required by our regulatory obligations or when transaction patterns trigger our automated risk assessment systems. We never collect more data than is necessary for the specific purpose, and we explain the reason for each request at the time it is made.

We use your personal data for the following purposes: to create and manage your player account, to verify your identity and age, to process deposits and withdrawals, to deliver gaming services and display your account balance accurately, to administer bonuses and promotions, to communicate with you about your account status and service updates, to provide customer support, and to detect and prevent fraud, money laundering, and other illegal activities. Every one of these uses is directly tied to our ability to deliver the service you signed up for or to comply with a legal obligation we are subject to.

With your consent, we also use your data to send you marketing communications about new promotions, game launches, and special offers. You can withdraw marketing consent at any time through your account settings, by clicking the unsubscribe link in any promotional email, or by contacting our support team. Withdrawing marketing consent does not affect our ability to send you transactional communications (such as deposit confirmations, withdrawal notifications, and security alerts), which are necessary for the operation of your account.

We use behavioural data (gameplay patterns, session lengths, deposit frequency) for two purposes: to personalise your experience by recommending games and offers that match your preferences, and to identify potential signs of problem gambling as part of our responsible gaming obligations. Our responsible gaming monitoring system analyses patterns automatically and flags accounts that show potential harm indicators. This is not about surveillance, it is about having a safety net that catches problems before they escalate. If our system flags your account, a trained member of our responsible gaming team reviews the case and may reach out to offer support tools.

We use cookies and similar technologies (local storage, session storage, pixel tags) to operate our platform, remember your preferences, and analyse how players interact with our site. Strictly necessary cookies are essential for the functioning of our platform, including session management, authentication, load balancing, and security protections. These cannot be disabled without breaking core functionality. Functional cookies remember your preferences such as language, currency, and display settings so you do not have to reconfigure them each visit. Analytics cookies help us understand traffic patterns, popular games, and user flow so we can improve the experience for everyone.

Marketing cookies track your interactions with our promotional content and are used to measure campaign performance and deliver relevant offers. These are only set with your explicit consent and can be managed through our cookie banner or your browser settings at any time. We also use third-party cookies from trusted analytics and advertising partners, including Google Analytics. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on. A full list of cookies we use, their purposes, and their expiry periods is available in our cookie preference centre, accessible from the footer of every page. We review our cookie inventory quarterly and remove any cookies that are no longer necessary.

We do not sell your personal data to third parties. Full stop. We share data only when necessary to provide our services or comply with legal obligations, and always under strict contractual safeguards. Our payment processors (including POLi, Skrill, Neteller, and our card payment gateway) receive the minimum data required to process your transactions. These processors are PCI DSS Level 1 compliant and are contractually prohibited from using your data for any purpose other than processing payments on our behalf.

Our game providers receive a pseudonymised player ID and your selected currency in order to deliver gameplay. They do not receive your name, email, or other directly identifying information. Our identity verification partner processes your KYC documents under a data processing agreement that requires them to delete all documents within 90 days of verification completion. We may share data with regulatory authorities, law enforcement agencies, or fraud prevention bodies when legally compelled to do so or when we believe in good faith that disclosure is necessary to prevent criminal activity, protect our rights, or ensure the safety of our players.

In the event of a corporate restructuring, merger, or acquisition, your data may be transferred to the successor entity. If this occurs, we will notify you in advance and you will have the option to delete your account before the transfer takes place. We require any successor to honour the commitments made in this privacy policy or obtain your fresh consent for any material changes to data handling practices.

We retain your personal data for as long as your account is active and for a period of five years after account closure, as required by our anti-money laundering and regulatory record-keeping obligations. Transaction records, including deposit and withdrawal history, are retained for a minimum of seven years in accordance with financial compliance requirements. KYC documents are retained for five years after account closure and then securely destroyed. Chat transcripts and support correspondence are retained for three years to assist with any disputes or complaints that may arise.

Marketing preference data is deleted within 30 days of you withdrawing consent. Analytics data is anonymised after 26 months, at which point it can no longer be linked back to an individual player. When retention periods expire, we securely delete data using industry-standard methods (overwrite for digital records, cross-cut shredding for physical documents). If deletion is not technically feasible due to backup systems, we ensure the data is isolated and protected from further processing until deletion becomes possible. You can request early deletion of your data at any time, subject to our legal retention obligations, by contacting us at [email protected].

Under the New Zealand Privacy Act 2020 and GDPR (where applicable), you have the following rights regarding your personal data: the right to access your data and receive a copy in a portable format, the right to correct inaccurate or incomplete data, the right to request deletion of your data (subject to legal retention obligations), the right to restrict processing in certain circumstances, the right to object to processing based on legitimate interests, and the right to withdraw consent for marketing communications at any time. Exercising any of these rights will not affect the quality of service you receive from us, and we will never penalise you for invoking your privacy rights.

To exercise any of these rights, contact our privacy team at [email protected] or through the privacy settings section of your account dashboard. We respond to all data rights requests within 20 working days, as required by the NZ Privacy Act. If your request is unusually complex or we receive a large volume of requests simultaneously, we may extend this by an additional 20 working days and will inform you of the delay and the reason for it. If you are not satisfied with how we handle a data rights request, you have the right to lodge a complaint with the Office of the Privacy Commissioner of New Zealand (privacy.org.nz). For further detail about our broader operational rules, please visit our terms and conditions page.

We protect your data using 256-bit SSL/TLS encryption for all data transmitted between your device and our servers. At rest, personal data is encrypted using AES-256 and stored in secure data centres that hold ISO 27001 certification. Access to personal data within our organisation is restricted to authorised personnel on a need-to-know basis, and all access is logged and audited. We conduct regular penetration testing, vulnerability assessments, and code reviews performed by independent security firms. Our infrastructure is monitored 24/7 for intrusion attempts and anomalous activity.

In the unlikely event of a data breach, we have an incident response plan that includes immediate containment, forensic investigation, notification to affected players within 72 hours, and notification to the Office of the Privacy Commissioner of New Zealand as required by law. We also carry cyber insurance to ensure that affected players can be supported financially if a breach results in demonstrable harm. No security system is infallible, and while we implement best-in-class protections, we encourage you to do your part by using a strong, unique password and enabling two-factor authentication on your account. If you notice any suspicious activity, report it immediately to our support team through live chat or email at [email protected].

If you have any questions about this privacy policy, your data, or our privacy practices, you can reach us through the following channels. Our privacy team responds within two business days to all enquiries. For general privacy questions, email [email protected]. For data rights requests, use the same email or the in-account privacy settings tool. For security concerns, contact [email protected]. You can also raise privacy questions through our live chat support, which is available around the clock. We are committed to transparency, and if there is anything in this policy you do not fully understand, we will explain it in plain language. Visit Regal Rush Casino NZ for our full contact details and live chat access.