burger icon
Caxino Casino
Log In

Privacy Policy

This Privacy Policy explains how caxino-casino, operating exclusively via caxino-nz.com, collects, uses, discloses, and protects your personal information. It applies to all players and visitors of our website, and governs all data processing activities as of 06 November 2025.

Who We Are

OBSERVE: Rootz Limited is the licensed operator of caxino-casino (caxino-nz.com).
EXPAND: Legal compliance mandates full company identification, registration details, and direct contact for data protection.
REFLECT: Users must be able to identify and contact the legal entity responsible for their data.

  • Legal Operator: Rootz Limited
  • Registered Address: Ewropa Business Centre, Dun Karm Street, Level 3 - 701, Birkirkara, BKR 9034, Malta
  • Company Registration Number: C 83903
  • Gaming License: MGA/B2C/599/2018 (Malta Gaming Authority, valid as of 2025)
  • Data Protection Officer (DPO): Aroha Williams
  • Contact Email: [email protected]
  • Website: https://caxino-nz.com
  • Live Chat: https://caxino-nz.com/live-chat

Regional Compliance Note: All personal data handling is subject to the New Zealand Privacy Act 2020, Malta Data Protection Act, and international standards.

What Personal Data We Collect

OBSERVE: Collection of personal, technical, transactional, and behavioral data.
EXPAND: Specific data types are listed for full transparency and regulatory alignment.
REFLECT: Users are informed about the categories of data processed.

  • Personal Information: Full name, date of birth, residential address, email address, phone number, government-issued identification.
  • Technical Data: IP address, device details, browser information, access logs, location data.
  • Payment & Financial Data: Credit/debit card details, bank account information, transaction history, withdrawal and deposit records.
  • Behavioral Data: Betting history, game activity, clicks, navigation patterns, interaction logs.
  • Cookies & Similar Technologies: Session cookies, persistent cookies, analytics, advertising trackers.

Regional Compliance Note: Data collection aligns with NZ Privacy Principle 3 (collection of information from subject) and related AML/KYC requirements.

Legal Basis for Processing

OBSERVE: Data processing is governed by explicit legal grounds.
EXPAND: All processing activities are mapped to a lawful basis under NZ law and international standards.
REFLECT: Users are informed about the lawful justification for each processing activity.

  • User Consent: For marketing communications, analytics, and certain cookies. Consent is freely given and can be withdrawn at any time.
  • Contract Fulfillment: Processing necessary to create, manage, and operate user accounts, provide gaming services, and process payments.
  • Legitimate Interests: Ensuring system security, fraud prevention, service improvement, and internal analytics, balanced against user privacy rights.
  • Compliance with Legal Obligations: Meeting regulatory requirements (e.g., KYC, AML, responsible gambling rules), responding to legal requests, and reporting to authorities.

Regional Compliance Note: Legal bases are determined in line with NZ Privacy Act 2020, and, where applicable, GDPR Article 6(1).

Purpose of Processing

OBSERVE: Clarifies why each data category is processed.
EXPAND: Each purpose is explicitly listed to avoid ambiguity.
REFLECT: Users understand how and why their data is used.

  • Provision of Casino Services: To enable account registration, gameplay, deposits, withdrawals, and customer support.
  • Service Improvement: To analyze usage patterns, fix issues, and enhance user experience.
  • Marketing and Promotions: To send newsletters, promotional offers, and personalized content with user consent.
  • Analytics: To perform statistical analysis, improve service efficiency, and monitor website performance.
  • Fraud Prevention & Security: To detect, investigate, and prevent fraudulent or unauthorized activities.
  • Legal and Regulatory Compliance: To fulfill obligations under gambling, anti-money laundering, and data protection laws.

Regional Compliance Note: All processing purposes are compliant with NZ and international data protection standards.

Disclosure & Sharing

OBSERVE: Identifies potential recipients of personal data.
EXPAND: Details on data sharing circumstances, consent requirements, and protective measures.
REFLECT: Users are informed with whom and why their data may be shared.

  • Payment Partners: Banks, payment processors, and financial institutions for processing transactions.
  • Service Providers: IT hosting, customer support, marketing, analytics, and security vendors, all bound by strict confidentiality agreements.
  • Regulatory Authorities: Malta Gaming Authority, New Zealand regulatory bodies, and other competent authorities as required by law.
  • Affiliates and Subsidiaries: Companies within the Rootz Limited group for operational and compliance purposes.
  • Advertising Networks: Third-party advertising partners, only with explicit user consent for targeted advertising.

Legal Obligations: Data is disclosed only as necessary, with protective contractual clauses in place. No data is sold to external third parties.

Regional Compliance Note: Disclosures adhere to NZ Privacy Principle 11 (limits on disclosure) and international data sharing safeguards.

International Transfers

OBSERVE: Data may be transferred outside NZ.
EXPAND: Legal mechanisms and protection standards for international transfers are specified.
REFLECT: Users are assured of adequate protections for cross-border data movement.

  • Data Transfer Regions: Personal data may be transferred to Malta (headquarters), EU countries, and service providers in other jurisdictions as necessary.
  • Protection Guarantees: All transfers are safeguarded by Standard Contractual Clauses (SCCs), binding corporate rules, or equivalent legal frameworks.
  • Certifications: Rootz Limited is certified to ISO 27001 and PCI DSS, ensuring high standards of data protection.

All cross-border transfers comply with New Zealand Privacy Principle 12 (disclosure of personal information outside NZ) and the EU GDPR for data originating from the EU.

Regional Compliance Note: Users are notified and, where required, consent is obtained for international transfers.

Data Retention

OBSERVE: Specifies how long personal data is retained.
EXPAND: Retention periods vary by data category and legal requirements.
REFLECT: Users are informed of their data lifecycle and deletion rights.

  • Personal Data: Retained for up to 5 years following account closure or final transaction, unless a longer period is required by law (e.g., AML/KYC).
  • Payment and Transaction Data: Retained for at least 5 years to comply with financial reporting and anti-fraud obligations.
  • Behavioral and Technical Data: Retained as long as necessary for service provision, analytics, and regulatory compliance, but deleted or anonymized when no longer required.
  • Deletion Criteria: Data is securely deleted upon user request (subject to legal exemptions), expiration of legal retention periods, or once processing purposes are fulfilled.

Regional Compliance Note: Retention practices meet NZ Privacy Act 2020 and international gambling industry standards.

Your Rights

OBSERVE: Outlines user rights under NZ law and international standards.
EXPAND: Procedures, timelines, and free-of-charge guarantees are detailed.
REFLECT: Users have effective control over their personal information.

  1. Access: You may request confirmation of whether we hold personal data about you and obtain a copy of your data.
  2. Correction: You may request correction of inaccurate or incomplete data held about you.
  3. Deletion ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal retention requirements.
  4. Restriction: You may request us to restrict processing of your data in specific circumstances.
  5. Objection: You may object to processing based on legitimate interests, including direct marketing.
  6. Data Portability: You may request transfer of your data to another provider in a structured, commonly used format.
  7. Withdrawal of Consent: You may withdraw your consent to marketing communications or cookies at any time.
  • How to Exercise Your Rights: Contact our DPO via [email protected] or use our live chat. Requests are processed within 30 days, free of charge, unless manifestly unfounded or excessive.

Legal Alignment: These rights reflect NZ Privacy Act 2020, the EU GDPR (Articles 12-23), and, where relevant, international standards. Additional rights may apply depending on your jurisdiction.

Regional Compliance Note: All requests are subject to identity verification and legal exceptions.

Cookies & Tracking Technologies

OBSERVE: Details about the use of cookies and tracking.
EXPAND: Types, purposes, and management options are specified.
REFLECT: Users can make informed choices about cookies.

  • Session Cookies: Essential for website functionality, authentication, and navigation; deleted when you close your browser.
  • Persistent Cookies: Remain on your device for a defined period to remember preferences and enhance user experience.
  • Third-Party Cookies: Set by analytics providers (e.g., Google Analytics) and advertising partners (only with consent) for performance measurement and targeted advertising.

Managing Cookies: You can manage or disable cookies via your browser settings or our internal cookie settings panel, accessible on caxino-nz.com.

Regional Compliance Note: Cookie usage and consent practices comply with NZ Privacy Act 2020, and international best practices for transparency and user control.

Data Security

OBSERVE: Security measures for data protection are comprehensive and multi-layered.
EXPAND: Technical and organizational safeguards, certifications, and staff protocols are detailed.
REFLECT: Users are assured of robust data protection practices.

  • Encryption: TLS 1.2+ is used for data transmission; sensitive data is encrypted at rest and in transit.
  • Access Controls: Multi-factor authentication, strict user access management, and role-based permissions.
  • Security Audits: Regular third-party security assessments and penetration testing are conducted to ensure ongoing integrity.
  • Staff Training: Employees receive mandatory training on data protection and security best practices.
  • Incident Response: Documented incident response plans for data breaches, including user notification procedures.
  • Certifications: Rootz Limited holds ISO 27001 and PCI DSS certifications.

Compliance: Our security program aligns with international standards (ISO 27001, SOC 2), NZ Privacy Act 2020, and industry best practices.

Regional Compliance Note: Immediate breach notifications are provided to affected users and authorities as required by law.

Complaints & Contacts

OBSERVE: Comprehensive complaint resolution channels are available.
EXPAND: Step-by-step procedures and escalation paths are provided.
REFLECT: Users have effective avenues to raise and resolve concerns.

  • DPO Contact: Aroha Williams, [email protected]
  • Online Form: Live Chat on caxino-nz.com
  • Mailing Address: Ewropa Business Centre, Dun Karm Street, Level 3 - 701, Birkirkara, BKR 9034, Malta
  1. Complaint Submission: Contact our DPO or use our live chat for all privacy-related concerns.
  2. Investigation: All complaints are acknowledged within 7 days and fully investigated within 30 days.
  3. Escalation: If unresolved, you may contact the New Zealand Office of the Privacy Commissioner:
    Website: https://privacy.org.nz
    Phone: +64 4 474 7590
    Email: [email protected]
  4. International Escalation: For EU-origin data, you may contact the Office of the Information and Data Protection Commissioner (Malta): https://idpc.org.mt

Regional Compliance Note: Complaint procedures meet NZ, Malta, and international data protection requirements.

Updates

OBSERVE: Users are informed of policy changes.
EXPAND: Notification methods, change logs, and user options are detailed.
REFLECT: Users can make informed decisions regarding significant changes.

  • Notification: We notify users of material changes via email, website banners, and account dashboard alerts.
  • Advance Notice: Significant updates are communicated at least 30 days before taking effect.
  • User Options: Users may object to changes or close their accounts before the update takes effect.
  • Version Control: This policy is versioned and dated: Last updated: 06 November 2025.
  • Changelog: Material changes are summarized in a dedicated changelog accessible on caxino-nz.com.

Regional Compliance Note: Update procedures comply with NZ, Malta, and international standards for transparency and user rights.