burger icon
bCasino
Log In

Privacy Policy

This privacy policy explains how b-casino, operated via b-nz.com, processes and protects the personal information of players and website visitors. It is essential for transparency, legal compliance, and to safeguard your rights under New Zealand and international data protection standards. This policy applies to all users of our services, whether registering, playing, or simply browsing. Effective date: 6 November 2025.

Who We Are

OBSERVE: b-casino is operated by Green Feather Online Limited, registered in Malta and licensed by the Malta Gaming Authority (MGA).
EXPAND: The company's details and contact for data protection are provided for direct user access and regulatory compliance.
REFLECT: This section addresses legal obligations for transparency of operator identity and data controller designation.

  • Legal Operator: Green Feather Online Limited
    • Registration Number: C80735
    • Legal Address: Level 5, Quantum House, 75, Abate Rigord Street, Ta' Xbiex, XBX 1120, Malta
    • Gaming Licence: MGA/B2C/445/2017 (issued by Malta Gaming Authority, valid and active)
  • Data Protection Contact:

What Personal Data We Collect

OBSERVE: b-casino collects a range of personal and technical data.
EXPAND: Data collection covers regulatory (KYC/AML), operational (service delivery), and analytical (security, marketing) needs.
REFLECT: All data categories are described to ensure users understand the scope and nature of processing.

  • Personal Identification Data: Full name, date of birth, residential address, email address, phone number, identification documents (for verification).
  • Account Data: Username, password (encrypted), account settings, communication preferences.
  • Technical Data: IP address, device information, browser type, operating system, access logs, time zone, and geolocation (where permitted).
  • Payment and Transaction Data: Payment card details, bank account numbers, deposit/withdrawal history, gaming transactions, and winnings.
  • Behavioral Data: Betting activity, game usage statistics, interaction history, website navigation (clicks, pages viewed).
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party cookies (see "Cookies & Tracking Technologies" section).

Legal Basis for Processing

OBSERVE: New Zealand privacy law (Privacy Act 2020) and EU GDPR (by virtue of Malta licensing) require clear legal grounds for data processing.
EXPAND: Legal bases include user consent, contractual necessity, legitimate interests, and compliance with legal obligations (KYC/AML).
REFLECT: This section clarifies the lawful foundations for each data processing activity.

  • User Consent: Where required, we obtain your explicit consent for marketing communications, cookies, and optional services. Consent can be withdrawn at any time.
  • Contractual Necessity: Processing is necessary to provide casino services, manage accounts, process payments, and fulfill our contractual obligations with you.
  • Legitimate Interests: We process data to ensure security, prevent fraud, analyze service performance, and improve user experience. These interests do not override your fundamental rights.
  • Legal Obligations: We are required by law to carry out identity verification (KYC), anti-money laundering (AML) checks, record-keeping, and respond to regulatory requests.

Regional Compliance Note: NZ Privacy Act 2020 and Malta GDPR alignment ensures legal validity for all processing activities.

Purpose of Processing

OBSERVE: Regulatory frameworks require precise articulation of processing purposes.
EXPAND: Purposes reflect both operational and legal needs, ensuring transparency and user awareness.
REFLECT: Data is processed for the following key purposes:

  • Service Provision: To enable registration, identity verification, account maintenance, game access, payment processing, customer support, and prize payouts.
  • Service Improvement: To analyze site usage, monitor performance, develop new features, and enhance user experience.
  • Marketing & Promotions: To send promotional emails, newsletters, and personalized offers, subject to your consent and preferences.
  • Analytics & Research: To assess player behavior, conduct market analysis, and improve responsible gambling initiatives.
  • Fraud & Security: To detect and prevent fraudulent activity, enforce site security, and comply with anti-money laundering regulations.

Disclosure & Sharing

OBSERVE: Legal requirements mandate clear disclosure of third-party sharing.
EXPAND: Data sharing is limited to necessary partners and legal authorities, with explicit user consent for non-essential transfers.
REFLECT: This section details how and when data may be shared:

  • Payment Partners: Financial institutions and payment processors receive necessary transaction data to facilitate deposits and withdrawals.
  • Service Providers: IT, marketing, analytics, platform hosting, and customer support providers access data only as required and under confidentiality agreements.
  • Regulators & Law Enforcement: Data is disclosed to regulatory bodies such as the Malta Gaming Authority, New Zealand authorities, and law enforcement upon legal request or as required by law.
  • Affiliates & Advertising Networks: Data is shared for marketing purposes solely with your explicit consent and in accordance with your preferences.
  • Corporate Transactions: In the event of mergers, acquisitions, or restructuring, personal data may be transferred in compliance with legal requirements and user rights.

International Transfers

OBSERVE: Data may be transferred outside New Zealand, primarily to Malta and EU-based partners.
EXPAND: International transfers are governed by legal safeguards to protect user data.
REFLECT: Protections in place include:

  • Standard Contractual Clauses: We use EU-approved contractual clauses to ensure personal data transferred internationally remains protected.
  • Regulatory Compliance: Transfers comply with the NZ Privacy Act 2020 and applicable EU GDPR requirements.
  • Additional Safeguards: Where necessary, further technical and organizational measures are implemented to protect data during transfer and processing.

Regional Compliance Note: All transfers are documented and subject to regular legal review for compliance with NZ and EU data protection standards.

Data Retention

OBSERVE: Regulatory and business needs dictate specific retention periods.
EXPAND: Data retention is tailored to data category, legal obligations, and user rights.
REFLECT: Retention procedures are as follows:

  • Personal Data: Retained for the duration of your account and up to 5 years following account closure or the end of our business relationship, as required by law (e.g., anti-money laundering regulations).
  • Transaction Data: Retained for at least 5 years for legal compliance and auditing purposes.
  • Technical and Behavioral Data: Retained for up to 3 years for analytics, security, and fraud prevention.
  • Cookies & Tracking Data: Retention periods vary by cookie type (see "Cookies & Tracking Technologies").
  • Deletion Criteria: Data is deleted or anonymized upon user request, expiration of retention period, or when processing is no longer necessary for stated purposes. Legal exceptions may apply.

Your Rights

OBSERVE: Under the NZ Privacy Act 2020 and GDPR, users have comprehensive data rights.
EXPAND: Rights are explained with procedures and timeframes for exercising them.
REFLECT: We uphold the following rights for all users:

  1. Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.
  2. Right to Correction: You can request correction of inaccurate or incomplete data at any time.
  3. Right to Deletion ("Right to be Forgotten"): You may request deletion of your data in cases where it is no longer necessary, consent is withdrawn, or processing is unlawful.
  4. Right to Restrict Processing: You may request limitations on data processing under certain circumstances (e.g., while a correction request is pending).
  5. Right to Object: You have the right to object to processing based on legitimate interests or direct marketing at any time.
  6. Right to Data Portability: You may request to receive your data in a structured, commonly used format and have it transferred to another provider.
  7. Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time, without affecting prior processing lawfulness.

Procedures:

  • Requests must be submitted via [email protected] or online contact form.
  • We will respond within 30 days, free of charge, unless requests are manifestly unfounded or excessive.
  • If you are dissatisfied with our response, you may escalate your complaint to the Office of the Privacy Commissioner (New Zealand) or relevant EU authorities.

Regional Compliance Note: All rights are fully aligned with the Privacy Act 2020 (NZ) and GDPR (Malta/EU).

Cookies & Tracking Technologies

OBSERVE: Transparency regarding cookies is required by both NZ and EU law.
EXPAND: Users are informed of cookie types, their purposes, and management options.
REFLECT: The following cookie practices apply:

  • Session Cookies: Temporary cookies that enable basic site functionality and are deleted when you close your browser.
  • Persistent Cookies: Remain on your device for a set period to remember your preferences and enhance user experience.
  • Third-Party Cookies: Placed by analytics, advertising, or affiliate partners to track performance and deliver targeted content (subject to your consent).

Cookie Management: You can manage or disable cookies via your browser settings or through our internal cookie consent panel. Disabling cookies may affect certain site features.

Data Security

OBSERVE: Robust security is mandated by regulation and industry standard.
EXPAND: Measures address both technical and organizational safeguards.
REFLECT: b-casino implements the following protections:

  • Encryption: All data in transit is secured using TLS 1.2 or higher. Sensitive data at rest is encrypted using industry-standard algorithms.
  • Access Controls: Strict role-based access, multi-factor authentication, and least-privilege principles are enforced.
  • Security Audits: Regular internal and external security audits are conducted to identify and remediate vulnerabilities.
  • Staff Training: All personnel with data access receive ongoing data protection and security training.
  • Incident Response: A documented incident response plan ensures rapid containment, investigation, and reporting of any data breaches.
  • Compliance: Security practices are aligned with ISO 27001 and SOC 2 standards where applicable.

Regional Compliance Note: Security measures are continuously reviewed to meet or exceed NZ and EU legal requirements.

Complaints & Contacts

OBSERVE: Users must have accessible channels to raise privacy concerns.
EXPAND: Complaint procedures and escalation paths are clearly detailed.
REFLECT: The following process is in place:

  • Initial Contact: Submit privacy concerns or complaints via email ([email protected]), online form (contact page), or by mail (Green Feather Online Limited, Level 5, Quantum House, 75, Abate Rigord Street, Ta' Xbiex, XBX 1120, Malta).
  • Review & Response: All complaints are investigated by our Data Protection Officer, and an initial response will be provided within 30 days.
  • Escalation: If unsatisfied, you may escalate to the Office of the Privacy Commissioner (New Zealand) (https://www.privacy.org.nz/about-us/contact-us/) or the Office of the Information and Data Protection Commissioner (Malta) (https://idpc.org.mt/contact-us/).

Regional Compliance Note: Procedures fully comply with NZ, EU, and Malta data protection complaint handling standards.

Updates

OBSERVE: Users must be informed of policy changes in a timely fashion.
EXPAND: Notification methods and user rights upon updates are described.
REFLECT: Our update practices are as follows:

  • Notification: Material changes to this policy will be communicated by email, website banner, and account dashboard alert.
  • Version Control: "Last updated: 6 November 2025" is indicated on this page. A changelog of significant amendments is maintained for user reference.
  • Advance Notice: At least 30 days' notice is provided before significant changes take effect, giving users the option to object or close their account if they disagree with the new terms.

Regional Compliance Note: Update procedures meet NZ and EU advance notification standards for privacy policy changes.