Ruby Fortune New Zealand Privacy Policy

This Privacy Policy document outlines the data protection practices of Ruby Fortune Casino for players accessing services from New Zealand. The policy exists to inform individuals about the collection, use, storage, and protection of their personal information. It explains the legal basis for processing personal data, the categories of information handled, and the security measures implemented. The document also details player rights regarding their personal data under applicable laws, including the Privacy Act 2020. This policy is a formal statement of administrative procedure, reflecting the operator's commitment to lawful processing and regulatory compliance. It governs all interactions, including those conducted via the Ruby Fortune casino mobile app.

Data Collection and Categories of Personal Information

Ruby Fortune Casino collects and processes personal data necessary for the provision of its services, regulatory compliance, and legitimate business operations. The collection occurs during account registration, financial transactions, customer support interactions, and through automated technical means. All data is obtained directly from the player or generated through their use of the service. The primary categories of personal information processed are as follows.

Registration and identity information includes details provided during account creation and verification. This encompasses full name, date of birth, contact details such as address, email, and phone number. For verification purposes, copies of government-issued identification, proof of address documents, and other relevant compliance records are collected and processed.

Financial and transactional data is generated from all monetary interactions. This includes deposit and withdrawal records, payment method details such as account numbers or card references, transaction history, and game play activity. This category is essential for financial auditing, fraud prevention, and the processing of withdrawals.

Technical and usage data is automatically collected during site or app access. This includes IP address, device identifiers, browser type, operating system, pages viewed, and game interaction logs. Data from the Ruby Fortune casino mobile app, including device model and operating system version, falls under this category. This information supports system administration, security monitoring, and service optimisation.

Communication and profile data consists of records from interactions with customer support, including chat logs, email correspondence, and telephone call recordings. Preferences, marketing consent status, and records related to the use of promotional offers such as Ruby Fortune bonus codes are also maintained within this category.

Purposes of Processing and Legal Bases

The processing of personal data by Ruby Fortune Casino is conducted for specified, explicit, and legitimate purposes. Each processing activity is underpinned by a lawful basis as required by data protection principles. The primary purposes and corresponding legal justifications are systematically outlined below.

Account management and service provision form the core of data processing. This includes creating and maintaining player accounts, processing bets and game transactions, facilitating deposits and withdrawals, and providing customer support. The lawful basis for this processing is the performance of the contract between the player and the operator, as detailed in the Terms and Conditions.

Compliance with legal obligations is a mandatory driver for processing. New Zealand's Gambling Act 2003 and associated regulations, along with anti-money laundering and countering financing of terrorism laws, require specific data processing. This encompasses identity verification, age confirmation, source of funds checks, and reporting of suspicious activities. Processing for these purposes is a legal obligation.

Legitimate interests are pursued where necessary for the business, provided they are not overridden by the individual's rights. Key legitimate interests include fraud prevention and detection, network and information security, such as preventing unauthorized access, and system administration. Direct marketing may also be conducted under legitimate interest or consent, allowing for communication regarding offers, including Ruby Fortune bonus codes. Players retain the right to object to such processing.

Consent serves as the legal basis for specific, non-essential processing activities. This may include certain types of marketing communications or the use of non-essential cookies. Consent is obtained separately and can be withdrawn by the player at any time through account settings or by contacting customer support. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Data Storage, Security Protocols, and Retention Periods

Ruby Fortune Casino implements technical and organisational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Data is stored on secure servers with controlled access environments. The specific security measures and data lifecycle management policies are defined by internal governance frameworks.

Technical safeguards include the use of encryption technologies for data in transit and at rest. Firewalls, intrusion detection systems, and regular security assessments are employed to protect the infrastructure. Access to personal data is restricted to authorised personnel on a need-to-know basis, governed by strict authentication protocols.

Data retention schedules are determined by the purpose for which the information was collected and relevant legal requirements. Personal data is not kept for longer than is necessary. Retention periods are typically aligned with ongoing account activity, regulatory mandates, and statutory limitation periods for legal claims. A summary of standard retention criteria is provided in the following table.

Data disposal is conducted securely upon the expiration of the applicable retention period. Methods include permanent deletion from active systems and, where required for archival purposes, secure archiving with restricted access. Anonymisation may be applied to certain data sets for analytical purposes after the retention period ends.

Individual Rights and Request Procedures

Individuals located in New Zealand have rights regarding their personal data under the Privacy Act 2020. Ruby Fortune Casino has established procedures to facilitate the exercise of these rights. All requests are subject to a verification of identity process to protect player data from unauthorized access. The following rights are recognized and can be exercised by contacting the Data Protection Officer.

The right of access allows individuals to request confirmation of whether their personal data is being processed and to obtain a copy of that data. The right to correction enables individuals to request the rectification of inaccurate or incomplete personal data. Ruby Fortune Casino will respond to such requests within the timeframes stipulated by applicable law.

Individuals have the right to request the erasure of their personal data in specific circumstances, such as where the data is no longer necessary for the purposes collected or if consent is withdrawn. The right to restrict processing may be invoked to limit the use of data, for example, while accuracy is being verified. The right to object to processing based on legitimate interests, including direct marketing, is also available.

The right to data portability allows for the receipt of personal data provided to the operator in a structured, commonly used, and machine-readable format. This right applies to data processed by automated means based on consent or contract. To initiate any request regarding these rights, individuals must submit a verifiable request via the designated contact channel. Ruby Fortune Casino will process requests without undue delay and in accordance with its legal obligations.