Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and protected by guts-casino when you access or use our services via guts-nz.com. It applies to all players and visitors residing in New Zealand and is effective as of 6 November 2025. By using guts-nz.com, you agree to the practices described in this policy and acknowledge your rights under applicable privacy laws.

Who We Are

OBSERVE: Capture all operator identification and contact details.
EXPAND: Ensure legal entity, registration, and DPO contact are fully transparent.
REFLECT: Provide users with clear information on the company controlling their data and contacts for privacy inquiries.

• Operator Legal Name & Address: The data controller for guts-nz.com is Betsson Group, operating through its registered entity Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta (Registration Number: C69036).
• Contact Details:
  • Email: support-en@guts-nz.com (for privacy/data protection inquiries)
  • Live Chat: guts-nz.com/live-chat
  • Website: guts-nz.com/privacy
• Data Protection Officer (DPO): To contact the DPO or data protection department, please use the above email and indicate "Privacy Inquiry" in the subject line.

Regional Compliance Note: Operator details disclosed in accordance with NZ Privacy Act 2020 and EU GDPR transparency principles.

What Personal Data We Collect

OBSERVE: List all data categories explicitly.
EXPAND: Address cookies, behavioral tracking, and device data.
REFLECT: Ensure all forms of data collection are disclosed for legal clarity.

• Personal Identification Data: Full name, date of birth, residential address, email address, phone number, identity documents (for KYC/AML compliance).
• Account & Transaction Data: Username, account activity, deposit/withdrawal history, game/betting history.
• Payment Data: Credit/debit card details, e-wallet information, payment transaction records, and bank account details as required for payouts.
• Technical Data: IP address, device information, browser type/version, operating system, log files, access times, referring URLs, and geolocation data.
• Behavioral Data: Clickstream data, session logs, interaction with games and promotions, responsible gaming interactions.
• Cookies & Tracking: Session cookies, persistent cookies, and third-party tracking technologies (see "Cookies & Tracking Technologies").

Regional Compliance Note: Data collection fully aligns with NZ Privacy Act 2020 and international best practices for online gambling operations.

Legal Basis for Processing

OBSERVE: Identify all applicable legal grounds.
EXPAND: Reference contractual, legal, and legitimate interest bases.
REFLECT: Provide explicit legal rationale for each data processing activity.

1. User Consent: We process your data based on your explicit consent for marketing, cookies, and optional features. Consent is collected at registration and can be withdrawn at any time.
2. Contract Fulfilment: Processing is necessary to enter into and perform our contractual obligations (e.g., account creation, payments, provision of gaming services).
3. Legal Obligations: We process and retain data to comply with regulatory requirements, including Know Your Customer (KYC), Anti-Money Laundering (AML), tax reporting, and responsible gambling mandates as required under NZ law.
4. Legitimate Interests: Data is processed for security, fraud prevention, system maintenance, analytics, and service improvement, ensuring these interests do not override your rights and freedoms.

Regional Compliance Note: Legal bases established per NZ Privacy Act 2020 and GDPR (where applicable to NZ-based users of EU-licensed operators).

Purpose of Processing

OBSERVE: Enumerate all explicit and implicit purposes.
EXPAND: Address service provision, legal compliance, and marketing.
REFLECT: Link each purpose to a corresponding legal basis and user expectation.

• Account Management: To create, verify, and maintain your guts-nz.com account.
• Service Delivery: To provide access to online casino games, process transactions, and deliver customer support.
• Regulatory Compliance: To fulfil obligations under KYC/AML, fraud detection, and responsible gambling regulations.
• Marketing & Promotions: To send marketing communications, promotional offers, and personalized content (where you consent).
• Analytics & Improvements: To analyze user behaviour, enhance security, and improve site functionality and user experience.
• Dispute Resolution: To investigate and resolve complaints, disputes, or chargebacks.

Regional Compliance Note: All processing purposes are justified under NZ law and international gaming regulatory standards.

Disclosure & Sharing

OBSERVE: Identify all categories of third-party data recipients.
EXPAND: Address mandatory disclosures to regulators and affiliates.
REFLECT: Describe legal controls and user rights over disclosure.

• Payment Partners: Data is shared with payment processors and financial institutions to facilitate deposits and withdrawals, subject to strict confidentiality agreements.
• Service Providers: We may engage third-party IT, analytics, support, and verification services, who process data on our behalf under data processing agreements.
• Regulatory Authorities: Data may be disclosed to NZ Department of Internal Affairs or other law enforcement/regulatory bodies as required by law.
• Affiliates & Group Companies: Data may be shared within Betsson Group companies for operational consistency and compliance.
• Advertising Networks: Personal data may be shared with advertising or analytics partners only with your explicit consent.
• Legal Obligations: Data may be disclosed in response to legal processes, court orders, or to protect the rights and safety of guts-casino, users, or third parties.

Regional Compliance Note: All sharing is conducted in accordance with NZ Privacy Act 2020, with appropriate contractual safeguards for international transfers.

International Transfers

OBSERVE: Identify all cross-border data flows.
EXPAND: Specify protection mechanisms for data leaving NZ.
REFLECT: Disclose international transfer risks and safeguards.

• Regions of Transfer: Your data may be transferred to Malta (guts-casino headquarters), the European Economic Area (EEA), and other jurisdictions where Betsson Group or its service providers operate.
• Protection Guarantees: All transfers are protected by:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Contractual obligations ensuring data protection consistent with NZ Privacy Act 2020 and GDPR
  • Periodic risk assessments and due diligence of overseas recipients

Regional Compliance Note: International transfers comply with NZ Privacy Principle 12 and GDPR adequacy requirements for EU-licensed operators.

Data Retention

OBSERVE: Specify retention periods for all data types.
EXPAND: Provide deletion criteria and user triggers.
REFLECT: Ensure compliance with minimum/maximum statutory retention requirements.

1. Personal Data: Retained for the duration of the user relationship and up to 5 years after account closure or as required to comply with KYC/AML obligations.
2. Transaction & Payment Data: Retained for at least 7 years for financial audit and regulatory purposes.
3. Cookies & Technical Data: Retained in accordance with cookie policy (e.g., session cookies until browser closure, persistent cookies up to 2 years).
4. Deletion Criteria: Data is deleted upon user request (subject to legal exceptions), expiration of retention period, or when processing is no longer necessary.

Regional Compliance Note: Retention practices observe NZ Privacy Act 2020 and international best practices for remote gambling operators.

Your Rights

OBSERVE: Articulate all user privacy rights under NZ law and GDPR.
EXPAND: Include detailed procedures and timeframes for rights requests.
REFLECT: Provide user empowerment, transparency, and dispute options.

• Access: You have the right to request access to your personal data held by guts-casino at any time.
• Rectification: You may request correction of inaccurate or incomplete data.
• Erasure ("Right to be Forgotten"): You may request deletion of your data (subject to statutory retention requirements).
• Restriction of Processing: You can request restriction if you believe processing is unlawful or data is inaccurate.
• Objection: You may object to processing based on legitimate interests, including direct marketing.
• Data Portability: You can obtain your data in a structured, machine-readable format and request transfer to another provider (where technically feasible).
• Withdrawal of Consent: You can withdraw marketing consent at any time via account dashboard or by contacting support.
• Procedures:
  • Submit rights requests via support-en@guts-nz.com or live chat.
  • Requests are processed within 30 days, free of charge, unless manifestly unfounded or excessive.
  • Appeal unresolved issues to the NZ Privacy Commissioner or, where applicable, EU or other supervisory authorities.

Regional Compliance Note: User rights are fully aligned with NZ Privacy Act 2020 and GDPR standards, with reference to international dispute escalation where applicable.

Cookies & Tracking Technologies

OBSERVE: List all cookie types and purposes.
EXPAND: Disclose third-party cookies and user controls.
REFLECT: Ensure users can manage preferences and understand implications.

• Session Cookies: Essential for site functionality and expire when you close your browser.
• Persistent Cookies: Remain on your device for up to 2 years to recognize returning users and store preferences.
• Third-Party Cookies: Used for analytics (e.g., Google Analytics), advertising, and affiliate tracking, subject to your explicit consent.
• Cookie Management: You may control cookies via your browser settings or the cookie preference panel on guts-nz.com. Disabling cookies may affect site functionality.

Regional Compliance Note: Cookie usage and consent mechanisms are compliant with NZ and EU ePrivacy standards.

Data Security

OBSERVE: Detail all technical and organizational security measures.
EXPAND: Reference international standards and incident response.
REFLECT: Assure users of robust protections and industry compliance.

• Encryption: All data transmitted is protected by TLS 1.2+ encryption. Sensitive data is also encrypted at rest in secure databases.
• Access Controls: Access to personal data is strictly limited to authorized personnel, supported by multi-factor authentication and role-based permissions.
• Security Audits: Regular internal and external security audits are conducted, with adherence to ISO 27001 and SOC 2 standards where applicable.
• Staff Training: Employees undergo comprehensive training in data protection and privacy compliance.
• Incident Response: Established procedures for detecting, reporting, and responding to data breaches, including prompt notification to users and regulators where required.

Regional Compliance Note: Security practices aligned with NZ Privacy Act 2020, international gambling industry standards, and ISO 27001 where applicable.

Complaints & Contacts

OBSERVE: List all complaint channels and escalation paths.
EXPAND: Provide detailed contact methods and procedural steps.
REFLECT: Empower users to resolve disputes and escalate as necessary.

• Contact Channels:
  • Email: support-en@guts-nz.com
  • Live Chat: guts-nz.com/live-chat
  • Website Feedback Form: guts-nz.com/privacy
  • Postal correspondence: Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta (please mark "Privacy Complaint")
• Complaint Procedure:
  1. Submit your complaint or inquiry using one of the channels listed above, providing relevant details and supporting documentation.
  2. We will acknowledge receipt of your complaint within 3 business days and aim to resolve all issues within 30 days.
  3. If you are unsatisfied with the outcome, you have the right to escalate the matter to the New Zealand Privacy Commissioner (privacy.org.nz, Phone: +64 4 474 7590, Email: enquiries@privacy.org.nz).

Regional Compliance Note: Complaint handling meets NZ Privacy Act 2020 requirements for dispute resolution and user redress.

Updates

OBSERVE: Specify update frequency and notification methods.
EXPAND: Detail user rights on changes and advance notice.
REFLECT: Provide transparency and retain user trust.

• Notification Procedures: Material changes to this Privacy Policy will be communicated via:
  • Email notifications to registered users
  • Website banners
  • Account dashboard alerts
• Advance Notice: Users will be given at least 30 days' notice prior to any significant changes taking effect. Minor updates will be posted immediately on the privacy page.
• User Options: If you object to material changes, you may close your account without penalty before the changes take effect by contacting support-en@guts-nz.com.
• Version Control: Last updated: 6 November 2025. A changelog of material changes is available upon request.

Regional Compliance Note: Policy update practices comply with NZ Privacy Act 2020 and EU transparency requirements for significant changes to data protection policies.