burger icon
Mr Fortune Casino
Log In

Privacy Policy

This privacy policy explains how mr-fortune-casino, operating exclusively through mr-fortune-nz.com, collects, uses, stores, and protects personal information of New Zealand players and website visitors. The policy applies to all individuals accessing or using our services and is effective as of 6 November 2025. Adhering to national laws and industry standards, we outline your privacy rights and our legal obligations in managing your data.

Who We Are

OBSERVE: Company identity, registration, and contact requirements.

EXPAND: Integration of all corporate and contact information, assignment of data protection responsibility.

REFLECT: Clear identification for regulatory and user trust.

  • Operator: mr-fortune-casino, operated by Green Feather Online Limited.
  • Legal Address: 57, Spinola Road, St Julian's, STJ 3017, Malta.
  • Company Registration Number: C80735 (Malta).
  • Gaming License: Malta Gaming Authority, License No. MGA/B2C/445/2017, valid through 2025.
  • Data Protection Officer (DPO): Aroha Williams.
  • Contact for Privacy Matters:

Regional Compliance Note: All data processing is conducted in accordance with New Zealand privacy laws and applicable international standards.

What Personal Data We Collect

OBSERVE: Establish categories of user data under NZ law.

EXPAND: Include all explicit and inferred data types relevant to gambling operations.

REFLECT: Ensure exhaustive disclosure for legal transparency.

  • Personal Identification Data: Full name, date of birth, postal address, email address, phone number, and government-issued identification for verification and KYC (Know Your Customer) requirements.
  • Technical Data: IP address, device type, browser details, operating system, log files, session records, and access timestamps.
  • Payment & Financial Data: Credit/debit card details, e-wallet information, bank account numbers, transaction histories, and withdrawal records.
  • Behavioral Data: Betting and gaming history, transaction logs, session duration, navigation patterns, and interaction with site features.
  • Cookies & Tracking Technologies: Session cookies, persistent cookies, third-party cookies, beacons, and similar tracking tools (see 'Cookies & Tracking Technologies' for details).
  • User Communications: Support requests, chat messages, email correspondence, and feedback forms.

Legal Basis for Processing

OBSERVE: NZ and EU legal grounds for data processing.

EXPAND: Explicit mapping of processing activities to legal justifications.

REFLECT: Provide users with clear legal rationale and protective clauses.

  1. User Consent: Data processing based on explicit consent obtained during registration and for specific purposes (e.g., marketing communications). Consent may be withdrawn at any time.
  2. Contractual Necessity: Processing is necessary to fulfill service agreements, including account creation, management, payment processing, and provision of gaming services.
  3. Legal Obligations: Data is processed to comply with statutory requirements, such as identity verification (KYC), anti-money laundering (AML) duties, financial reporting, and regulatory audits under both NZ and Maltese law.
  4. Legitimate Interests: Data processing supports fraud prevention, service improvement, system security, and analytical activities that do not override users' fundamental rights.

Regional Compliance Note: Where New Zealand privacy law and international standards differ, the stricter protection applies.

Purpose of Processing

OBSERVE: Identify all reasons for data collection and use.

EXPAND: Clarify operational, legal, and marketing purposes.

REFLECT: Guarantee transparency and lawful processing.

  • Provision of Casino Services: Account registration, user authentication, and gameplay management for mr-fortune-casino on mr-fortune-nz.com.
  • Payment Processing: Managing deposits and withdrawals securely and in compliance with AML regulations.
  • Service Improvement: Analyzing user feedback and site interactions to enhance gaming experience and platform reliability.
  • Marketing and Promotions: Sending promotional messages, offers, and newsletters with user consent.
  • Regulatory Compliance: Fulfilling KYC/AML requirements, reporting obligations, and responding to regulator requests.
  • Fraud and Risk Management: Detecting and mitigating fraudulent, abusive, or illegal activities.
  • Analytics and Research: Conducting statistical analysis to optimize service delivery and ensure regulatory adherence.

Disclosure & Sharing

OBSERVE: Define all circumstances and recipients of data sharing.

EXPAND: Explicitly state legal bases, third-party roles, and user consent as required.

REFLECT: Protect user interests and ensure legal accountability.

  • Payment Processors: Sharing payment and identification data with licensed financial institutions and payment gateways for transaction processing.
  • Service Providers: Disclosing information to IT, hosting, analytics, and customer support vendors under strict data protection agreements.
  • Regulatory Authorities: Providing data to the Malta Gaming Authority, New Zealand authorities, and other regulators as required by law.
  • Affiliates and Subsidiaries: Limited sharing with affiliated brands (e.g., bCasino, Boo Casino) only for legitimate, disclosed purposes, subject to user consent.
  • Advertising Networks: Disclosure of anonymized or pseudonymized data to approved marketing partners, only where user consent has been obtained.
  • Legal Compliance: Data may be disclosed to law enforcement or other authorities under lawful requests, court orders, or to protect the rights, property, and safety of mr-fortune-casino and its users.

International Transfers

OBSERVE: Identify all cross-border data flows and relevant legal standards.

EXPAND: Specify mechanisms and safeguards for international transfers.

REFLECT: Demonstrate commitment to maintaining data protection standards globally.

  • Transfer Destinations: Personal data may be processed and stored in Malta (headquarters), New Zealand (clients), and other jurisdictions hosting our IT or service providers.
  • Protection Measures: All transfers are secured by:
    • Standard Contractual Clauses (SCCs) where applicable
    • Binding corporate rules
    • Contractual obligations ensuring data protection equivalent to NZ and EU standards
    • Regular risk assessments and third-party audits
  • User Rights: You have the right to request details of cross-border transfers and the safeguards applied.

Regional Compliance Note: All international transfers are performed in accordance with the NZ Privacy Act 2020 and applicable GDPR provisions, applying the most stringent standard where they differ.

Data Retention

OBSERVE: Define retention periods by data category and legal basis.

EXPAND: Include deletion criteria and user-initiated removal procedures.

REFLECT: Assure users of responsible and lawful data lifecycle management.

  • Personal Data: Retained for the duration of the user relationship and no longer than five (5) years following account closure or the last activity, in accordance with AML and regulatory requirements.
  • Financial & Transaction Data: Retained for at least five (5) years to comply with legal obligations and resolve potential disputes.
  • Technical & Behavioral Data: Retained for up to three (3) years for analytics and security purposes, unless longer retention is legally required.
  • Deletion Criteria: Data is deleted or anonymized upon user request (subject to legal exceptions), expiration of the retention period, or when processing purposes have been fulfilled.

Regional Compliance Note: All retention and deletion practices conform with NZ Privacy Act 2020 and MGA requirements.

Your Rights

OBSERVE: List all user rights under GDPR, NZ law, and relevant international standards.

EXPAND: Provide actionable procedures and response timeframes for rights exercise.

REFLECT: Empower users while maintaining legal protections.

  1. Right of Access: You may request a copy of your personal data held by mr-fortune-casino on mr-fortune-nz.com at any time.
  2. Right to Rectification: You have the right to have incomplete or inaccurate data corrected without undue delay.
  3. Right to Erasure: You may request deletion of your personal data, except where retention is required by law (e.g., for AML compliance).
  4. Right to Restrict Processing: You may request temporary suspension of processing activities under certain conditions (e.g., data accuracy disputes).
  5. Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
  6. Right to Data Portability: You may request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format.
  7. Right to Withdraw Consent: You may withdraw marketing or other consents at any time without affecting the lawfulness of processing prior to withdrawal.
  8. Procedure: To exercise any rights, contact our DPO at support@mr-fortune-nz.com or via our Contact Form. We will respond within thirty (30) days. All requests are processed free of charge unless manifestly unfounded or excessive.

Regional Compliance Note: These rights are provided in alignment with the NZ Privacy Act 2020 and EU GDPR. Where stricter protections apply, they will be honored.

Cookies & Tracking Technologies

OBSERVE: Detail types and purposes of cookies and tracking tools.

EXPAND: Include management and opt-out mechanisms for users.

REFLECT: Enable informed user choices about tracking.

  • Session Cookies: Temporary cookies necessary for secure login and session management. Deleted when you close your browser.
  • Persistent Cookies: Remain on your device for a defined period to remember preferences, enhance navigation, and maintain user experience.
  • Third-Party Cookies: Set by analytics and advertising partners to measure site performance and deliver targeted offers (activated only with your consent).
  • Cookie Management: You can manage or disable cookies via your browser settings or the internal cookie settings panel on mr-fortune-nz.com. Disabling certain cookies may impact service functionality.

Regional Compliance Note: All cookie usage is compliant with NZ and EU ePrivacy requirements, with users offered granular consent controls.

Data Security

OBSERVE: List technical and organizational safeguards for user data.

EXPAND: Specify adherence to international standards and incident response protocols.

REFLECT: Provide assurance of robust data protection practices.

  • Encryption: All data transmissions are protected with TLS 1.2+ encryption, and sensitive data is encrypted at rest using industry-standard algorithms.
  • Access Controls: Strict role-based access and multi-factor authentication for all administrative accounts.
  • Security Audits: Regular internal and external security audits, vulnerability assessments, and penetration testing.
  • Staff Training: Ongoing staff training on data security and incident response procedures.
  • Incident Response: Immediate investigation and mitigation of any suspected breaches, with affected users notified as required by law.
  • Standards Compliance: Security measures are aligned with ISO 27001 and SOC 2 standards where applicable.

Regional Compliance Note: Security protocols are reviewed annually to ensure compliance with NZ and MGA regulatory requirements.

Complaints & Contacts

OBSERVE: Provide all complaint channels and escalation routes for privacy concerns.

EXPAND: Detail complaint handling procedures and regulatory contact options.

REFLECT: Ensure accessible and effective redress for users.

  1. Contact our Data Protection Officer:
  2. Complaint Procedure: Submit your complaint with a clear description of your concern. We will acknowledge receipt within seven (7) days and provide a substantive response within thirty (30) days.
  3. Escalation: If unsatisfied with our response, you may escalate your complaint to the New Zealand Office of the Privacy Commissioner (www.privacy.org.nz; phone: +64 4 474 7590; email: enquiries@privacy.org.nz). For cross-border matters, you may also contact the Malta Data Protection Authority (www.idpc.org.mt).

Regional Compliance Note: All complaints are handled in accordance with NZ Privacy Act 2020 and applicable international regulations.

Updates

OBSERVE: Detail how users will be notified of policy changes and version controls.

EXPAND: Explain advance notice, objection, and account closure options.

REFLECT: Maintain transparency and user choice regarding privacy policy changes.

  • Notification Methods: Users will be informed of policy updates through email notifications, website banners, and account dashboard alerts.
  • Version Control: This policy is version-controlled and labeled as "Last updated: 6 November 2025".
  • Changelog: Material changes will be summarized and published in a dedicated changelog section.
  • Advance Notice: For significant changes, at least thirty (30) days' notice will be provided, offering users the opportunity to object or close their account before changes take effect.

Regional Compliance Note: All updates and user notifications adhere to NZ and EU requirements for transparency and user rights.