GET BONUSPlaytech Privacy Policy: Personal Data Protection for NZ Players
This Privacy Policy explains how Playtech processes the personal information of players who use our pokies and live dealer products at NZ-licensed casinos. The document covers all interaction points between you and our software, plus contact with our support and corporate teams.
Playtech is a B2B game provider. Our games run on operator platforms across New Zealand under local gambling licences. The operator holds the direct customer relationship, and we process the personal information that supports our game delivery, game integrity, and regulatory obligations.
The policy applies to data collected through our content, our enquiry forms, and any direct interaction with Playtech entities. It runs alongside the operator’s own privacy notice. The operator policy governs your account-level data with that casino, and our policy governs the data Playtech itself processes for the gaming infrastructure.
Information We Collect
We collect specific categories of personal information to support our services. The data scope stays limited to what we need for game delivery, account integrity, and regulatory compliance.
| Data Category | Examples |
|---|---|
| Identity data | Full name, date of birth, government-issued ID number |
| Contact data | Email address, telephone number, postal address |
| Account data | Username, password (encrypted), security questions |
| Financial data | Payment method details, transaction history, IBAN |
| Gameplay data | Bets placed, sessions, game choices, win and loss records |
| Technical data | IP address, device type, browser version, connection log |
| Verification data | Identity document scans, proof of address, source of funds |
| Communication data | Support tickets, complaint forms, marketing preferences |
The exact data set varies by the specific product and the operator that hosts our content. Live dealer products collect additional behavioural data to support fair-play monitoring at the table level.
How We Gather Your Information
We collect personal information through several methods that operate alongside the operator platform. Each method serves a specific data flow within the gaming infrastructure.
- Direct submission via the operator’s registration and KYC forms;
- Automatic collection through game session logs and technical headers;
- Identity verification feeds from third-party KYC providers;
- Payment confirmation feeds from licensed payment processors;
- Direct contact via our Player Enquiry Form for self-exclusion or complaints;
- Direct contact via our Sales and Security Enquiry Forms for business and incident notifications;
- Sports data feeds for sports betting products through contracted data partners.
The operator remains the primary collection point for player account data. Playtech receives this information through secure data interfaces that protect the data in transit and at rest.
Lawful Basis and Purposes of Processing
We process personal information only on a recognised lawful basis. The legal grounds shift by the type of data and the activity. The table below maps each purpose to the matching legal basis.
| Purpose | Lawful Basis |
|---|---|
| Game delivery and account integrity | Contract performance |
| Self-exclusion request handling | Legal obligation (gambling licence rules) |
| Fraud and collusion detection | Legitimate interest |
| Anti-money laundering checks | Legal obligation (AML rules) |
| Complaint and dispute resolution | Legal obligation and legitimate interest |
| Service improvement and analytics | Legitimate interest |
| Marketing to business partners | Consent or legitimate interest |
| Sports data processing for betting markets | Legitimate interest |
| Security incident handling | Consent and legitimate interest |
Where we rely on consent, you may withdraw that consent at any time. The withdrawal does not affect any processing that already took place. Where we rely on legal obligation or legitimate interest, the processing continues for the duration the law and our business needs require.
Disclosure of Information to Third Parties
We share personal information only on specific lawful grounds with clearly defined recipients. We never sell your data to commercial third parties for marketing purposes unrelated to our services. The recipients of your data fall within these categories:
- Group companies within Playtech that support our service delivery;
- Third-party processors that assist with KYC, payment, hosting, and analytics;
- Operator casinos that host our pokies and live dealer content;
- Payment service providers that process deposits and withdrawals;
- Regulatory bodies that hold oversight of the gambling industry in New Zealand and other licensed jurisdictions;
- Law enforcement bodies on a valid legal request;
- Auditors and external advisers under confidentiality obligations;
- Potential purchasers of our business or any Group company in a corporate transaction.
Every external recipient signs a written confidentiality and data protection agreement with us. The agreement enforces the same protection standards we apply internally.
International Data Transfers
Playtech operates from multiple jurisdictions, and your personal information may move across borders during processing. We transfer data to Group entities and approved third parties located outside New Zealand on a regular basis. The transfer destinations include the United Kingdom, the Isle of Man, Guernsey, Israel, Bulgaria, Estonia, Ukraine, and the Philippines.
Adequacy Decisions
Some destinations hold a formal adequacy decision from the relevant authority. The decision confirms that the destination jurisdiction maintains data protection standards comparable to New Zealand.
Standard Contractual Clauses
Transfers to destinations without an adequacy decision run under standard contractual clauses. The clauses bind Playtech and the recipient to specific protection standards under the contract.
Binding Corporate Rules
Intra-Group transfers run under binding corporate rules that apply across all Playtech entities. The rules carry the force of contract and bind every Group company to a consistent privacy framework.
Retention Periods
We keep personal information only for the time the relevant lawful basis supports. The retention period varies by data type and the related regulatory requirement. The table below shows the standard retention periods we apply.
| Data Type | Retention Period |
|---|---|
| Security incident notifications | 6 months from notification |
| Self-exclusion requests | 6 years from end of relationship |
| Complaints on game play, deposits, withdrawals | 6 years from end of relationship |
| Account complaint records | 6 years from end of relationship |
| Sales enquiry data (unsuccessful) | 1 year from form submission |
| Marketing communication records | Active until opt-out or account closure |
| Sport personality data | 5 to 10 years on betting record retention |
| Business partner data | Active for contract duration plus legal limits |
After the retention period ends, we delete the data from our active systems. The deletion process runs against secure deletion standards that prevent data recovery. Records under legal hold for ongoing matters stay in place until the matter resolves.
Your Rights as a Data Subject
You hold a defined set of rights over your personal information. These rights run under data protection law and apply to the data we process about you. The list below summarises your main rights.
- Right of access. Request a copy of the personal information we hold about you;
- Right to rectification. Request correction of inaccurate or incomplete data;
- Right to erasure. Request deletion of data we no longer need to process;
- Right to restriction. Request limited processing during a dispute or accuracy check;
- Right to data portability. Receive your data in a machine-readable format;
- Right to object. Object to legitimate interest processing and profiling activity;
- Right to withdraw consent. Pull back consent at any time for consent-based processing;
- Right to complain. Lodge a complaint with the New Zealand Privacy Commissioner.
We respond to rights requests within one month of identity confirmation. Complex or repeated requests may take an additional two months under the legal extension provision. We may ask for proof of identity to verify the request and protect your data from unauthorised disclosure.
Security Standards
We apply a layered security model that protects personal information across collection, processing, storage, and transfer. Each layer covers a specific threat vector within the data flow.
- Transport encryption on every data exchange between players and our servers;
- AES-256 encryption on personal information at rest;
- Role-based access controls that limit staff data access to operational need;
- Multi-factor authentication on every administrative login;
- Network segmentation that isolates sensitive systems from general traffic;
- Continuous monitoring of system logs for unusual access patterns;
- Penetration testing by external specialists on a recurring schedule;
- Mandatory security training for every staff member with data access;
- Physical security controls at all data centre locations;
- Incident response procedures that activate on any confirmed breach event.
The full security framework matches the ISO 27001 standard and the requirements of our gambling licences across all jurisdictions. We review and update the controls regularly to address new threat patterns and new regulatory requirements.
Updates and Contact Information
We update this Privacy Policy on a regular basis to reflect changes in our processing operations, new legal requirements, and improvements in our security framework. The effective date of the current version appears at the top of this page. We post the updated text on this page on the day the change takes effect.
Material changes to the policy trigger a direct notice to active business partners. The notice also goes to players who hold direct contact relationships with Playtech. It runs through our standard communication channels and gives a clear summary of the changes.
For any privacy enquiry, data subject rights request, or general question about this policy, you may contact our Group Data Protection Office:
- Email: [email protected] ;
- Postal address: Playtech Software Limited, Mid-City Place, 71 High Holborn, London, United Kingdom, WC1V 6EA.
For complaints that we cannot resolve directly, you may also contact the New Zealand Office of the Privacy Commissioner at any time.