burger icon
BitStarz Сasino
Log In

Privacy Policy

This Privacy Policy describes how bit-starz-casino-new-zealand, operating via bit-starz-casino.com, collects, uses, discloses, and protects your personal data. It applies to all players and visitors accessing our casino services and website from New Zealand. By using our services, you agree to the terms outlined herein. This policy is effective as of 6 November 2025.

Who We Are

OBSERVE: bit-starz-casino-new-zealand is operated by Dama N.V., a company registered under Curaçao law.
EXPAND: Legal and contact information is provided to ensure transparent communication and regulatory alignment.
REFLECT: Users are empowered to contact our Data Protection Officer (DPO) regarding privacy concerns.

  • Legal Entity: Dama N.V.
  • Registration Number: 152125
  • Registered Address: Scharlooweg 39, Willemstad, Curaçao
  • Licenses:
    • Antillephone N.V. (License No. 8048/JAZ2020-013, valid through 2025)
    • Curaçao Gaming Control Board (License Nos. OGL/2023/174/0082 and OGL/2025/165/0185, valid through 2025)
  • Parent Company: Dama N.V.
  • Payment Processing Subsidiary: Friolion Limited (Registration No. ΗΕ 419102, Cyprus)
  • Data Protection Contact (DPO): [email protected] | [email protected]
  • Online Support: Support Form | Contact Form

What Personal Data We Collect

OBSERVE: We collect a range of personal, technical, and behavioral data.
EXPAND: Data categories are defined to ensure transparency and support legal obligations.
REFLECT: Data minimization principles are applied, collecting only what is necessary for lawful purposes.

  • Personal Data: Full name, date of birth, residential address, email address, phone number, identification documents.
  • Technical Data: IP address, device identifiers, browser/user agent, log files, session data, time zone, language preferences.
  • Payment Data: Credit/debit card details, bank account information, cryptocurrency wallet addresses, transaction records.
  • Behavioral Data: Game activity, betting and transaction history, clickstream data, site navigation patterns.
  • Cookies and Tracking Technologies: Session and persistent cookies, third-party analytics, ad tracking technologies (see "Cookies & Tracking Technologies" below).

Legal Basis for Processing

OBSERVE: NZ law, international data protection principles, and industry regulations require explicit legal grounds for processing.
EXPAND: Data processing is limited to strictly defined lawful bases.
REFLECT: Each processing activity is mapped to its respective legal justification for user clarity and regulatory compliance.

  • User Consent: Processing for non-essential purposes, such as marketing communications and use of certain cookies, is based on your explicit consent. You may withdraw consent at any time.
  • Contract Fulfillment: Data processing necessary to create, manage, and operate your account, process payments, verify identity, and deliver gaming services is grounded in contract performance.
  • Legal Obligations: We process data to comply with statutory requirements, including Know Your Customer (KYC), Anti-Money Laundering (AML) obligations, taxation, and regulatory reporting as required under NZ and international laws.
  • Legitimate Interests: Processing for purposes such as fraud prevention, security monitoring, service improvement, and analytics is performed based on our legitimate business interests, balanced against user rights and expectations.

Purpose of Processing

OBSERVE: Multiple processing purposes are mandated by law and operational necessity.
EXPAND: Explicitly outlining each purpose ensures transparency.
REFLECT: Users are informed of all ways their data may be used, supporting informed consent and regulatory compliance.

  • Service Provision: To register user accounts, deliver gaming services, process payments and withdrawals, and provide customer support.
  • Compliance and Security: To verify identity and age, perform KYC/AML checks, detect and prevent fraud or abuse, and comply with regulatory requirements.
  • Analytics and Service Improvement: To analyze site usage, optimize user experience, enhance product offerings, and conduct statistical research.
  • Marketing and Promotions: To send promotional offers, newsletters, and personalized advertising (with user consent).
  • Legal Defense: To protect our legal rights, respond to lawful requests, or defend against legal claims.

Disclosure & Sharing

OBSERVE: Data may be shared with specified third parties only when necessary.
EXPAND: Each sharing scenario is governed by contractual and legal obligations to ensure data protection.
REFLECT: Data is never sold, and disclosure is strictly regulated.

  • Payment Partners: Financial data is shared with banks, payment processors, and cryptocurrency providers to process transactions.
  • Service Providers: Trusted third parties such as IT support, analytics vendors, and cloud hosting providers may access data under strict confidentiality agreements.
  • Regulatory Authorities: Data may be disclosed to gaming regulators, law enforcement, government agencies, or courts as required by NZ or international law.
  • Affiliates and Subsidiaries: Data may be shared within the Dama N.V. group and with Friolion Limited (payment processing in Cyprus) for operational purposes.
  • Advertising Networks: With your consent, certain data may be disclosed to advertising or marketing partners for targeted campaigns.

International Transfers

OBSERVE: As a global operator, some data is transferred outside New Zealand.
EXPAND: Transfers are limited to jurisdictions with adequate data protection or supplemented by legal safeguards.
REFLECT: Protective clauses and industry standards are implemented to ensure continuity of rights.

  • Transfer Destinations: Personal data may be transferred to Curaçao (headquarters), Cyprus (payment processing), and other countries where our service providers operate.
  • Legal Safeguards: Transfers are subject to standard contractual clauses, binding corporate rules, and equivalent legal instruments ensuring adequate data protection.
  • Ongoing Protection: Data remains subject to this Privacy Policy and applicable legal protections regardless of transfer location.

Regional Compliance Note: All international transfers are conducted in accordance with NZ Privacy Act 2020, EU GDPR standards (where applicable), and relevant international data transfer regulations.

Data Retention

OBSERVE: Data retention schedules are dictated by legal, regulatory, and operational requirements.
EXPAND: Different data categories have distinct retention periods and deletion criteria.
REFLECT: Retention is limited to the minimum period necessary, with user rights to request earlier deletion where legally permitted.

  • Account Data: Retained for the duration of your account and up to 5 years following account closure or last activity, as required for regulatory, legal, and anti-fraud purposes.
  • KYC/AML Documentation: Maintained for a minimum of 5 years after the end of the business relationship, in line with NZ and Curaçao obligations.
  • Transaction Records: Held for at least 5 years for audit and tax purposes.
  • Marketing Data: Retained until consent is withdrawn or the purpose of processing expires.
  • Deletion Criteria: Data is securely deleted or anonymized upon expiration of the retention period, user request (where permitted), or when processing is no longer necessary.

Your Rights

OBSERVE: Under NZ Privacy Act 2020 and international standards, users have robust data rights.
EXPAND: Rights are aligned with GDPR principles and adapted to NZ context.
REFLECT: We provide clear procedures for the exercise of each right, with guaranteed response times and no charge.

  1. Right of Access: You may request confirmation of personal data processing and obtain a copy of your data in a structured format.
  2. Right of Correction: You may request correction or updating of inaccurate or incomplete personal information.
  3. Right of Deletion: You may request deletion of your personal data, subject to legal and regulatory limitations (e.g., KYC/AML retention obligations).
  4. Restriction of Processing: You may request restriction of processing in certain circumstances, such as during a dispute regarding data accuracy.
  5. Right to Object: You may object to data processing for direct marketing or based on legitimate interests at any time.
  6. Data Portability: You may request your data in a portable format for transfer to another provider, where technically feasible.
  7. Withdrawal of Consent: You may withdraw consent for marketing or non-essential data processing at any time, without affecting the lawfulness of prior processing.
  8. Exercising Rights: Submit requests via [email protected] or through our support form. We will respond within 30 days, free of charge, except where requests are manifestly unfounded or excessive.

Regional Compliance Note: While this policy aligns with GDPR and international best practices, it is specifically adapted for compliance with the NZ Privacy Act 2020.

Cookies & Tracking Technologies

OBSERVE: Cookies and tracking technologies are essential for service provision and user experience.
EXPAND: Full disclosure of types and purposes is provided.
REFLECT: Users are informed of management options and consent mechanisms.

  • Session Cookies: Temporary cookies essential for core site functionality, authentication, and user session management.
  • Persistent Cookies: Cookies stored on your device to remember preferences, enhance navigation, and personalize content.
  • Third-Party Cookies: Used by analytics services (e.g., Google Analytics) and advertising partners to measure performance and deliver relevant ads.
  • Cookie Management: You may manage or disable cookies via your browser settings or through our internal cookie consent panel. Disabling cookies may affect certain site features.

Data Security

OBSERVE: Data security is a fundamental legal and operational obligation.
EXPAND: Comprehensive technical and organizational measures are implemented.
REFLECT: Security standards are regularly reviewed and updated to mitigate risks.

  • Encryption: All data in transit is protected with TLS 1.2+ encryption; sensitive data is encrypted at rest.
  • Access Controls: Role-based access controls, multi-factor authentication, and strict permission management prevent unauthorized access.
  • Data Minimization and Segregation: Only necessary data is collected and access is limited to authorized personnel for defined purposes.
  • Security Audits: Regular internal and external security audits, vulnerability assessments, and penetration testing are conducted.
  • Staff Training: Employees receive regular training on data protection, secure processing, and incident response.
  • Incident Response: We maintain a documented incident response plan for timely detection, notification, and remediation of data breaches.
  • Compliance: We strive to align with international security standards, including ISO 27001 and SOC 2, where applicable.

Complaints & Contacts

OBSERVE: Effective complaint channels are essential for user trust and regulatory compliance.
EXPAND: Multiple contact methods and escalation paths are provided.
REFLECT: Users are assured of fair, timely, and transparent handling of privacy concerns.

  1. Primary Contact: For privacy concerns, contact our DPO at [email protected] or [email protected], or use our online support form.
  2. Complaint Procedure: Submit your complaint in writing, clearly describing your concern. We will acknowledge receipt within 3 working days and provide a substantive response within 30 days.
  3. Escalation: If you are dissatisfied with our response, you may escalate your complaint to the NZ Office of the Privacy Commissioner: https://privacy.org.nz/ (Freephone: 0800 803 909, Email: [email protected]).
  4. International Complaints: For EU-based users, escalation is available to any competent EU data protection authority as applicable.

Updates

OBSERVE: Privacy policies must be updated to reflect regulatory changes, operational developments, or new data uses.
EXPAND: Users are proactively notified of significant changes.
REFLECT: Version control, advance notice, and opt-out options are integral to user trust and compliance.

  • Notification Procedures: Material policy changes will be communicated via email, website banners, and account dashboard alerts.
  • Advance Notice: For significant changes, users will receive at least 30 days' advance notice with an option to object or close their account without penalty.
  • Version Control: The current version is identified by the "Last updated: 6 November 2025" timestamp below.
  • Changelog: Material amendments and their effective dates will be listed within the policy.

Last updated: 6 November 2025