Privacy Policy

This privacy policy explains how personal data is collected, used, disclosed, and protected when individuals interact with quatro-casino-new-zealand via quatro-nz.com. It applies to all players and website visitors residing in New Zealand. The effective date of this policy is 6 November 2025.

Who We Are

OBSERVE: quatro-casino-new-zealand is operated by Fresh Horizons Ltd., a company licensed by the Kahnawake Gaming Commission (License No. 00892, valid through 2025), and also holds a Malta Gaming Authority (MGA/B2C/167/2008) license. The company's registered legal address is Suite 106, 12G, Industrial Zone, Kahnawake, Quebec, J0L 1B0, Canada. For New Zealand operations, the brand is accessible exclusively via quatro-nz.com.

• Data Protection Point of Contact: All privacy-related enquiries should be directed to our Data Protection Officer (DPO) at support@quatro-nz.com. For general enquiries, info@quatro-nz.com is also available.
• Online Contact: Users can access our contact form or live chat for support.

REFLECT: This ensures compliance with NZ, Canadian, and EU regulatory disclosure standards for operator identity and contact.

What Personal Data We Collect

OBSERVE: To provide regulated gambling services, quatro-casino-new-zealand collects both direct and indirect data as follows:

• Personal Identification Data: Full name, date of birth, residential address, e-mail address, phone number, and account credentials (as required by law for KYC/AML compliance).
• Technical Data: IP address, device identifiers, browser type/version, operating system, access timestamps, and activity logs (collected automatically for security and analytics).
• Payment Data: Bank details, card information (tokenized where possible), transaction history, and withdrawal requests (for secure processing of deposits and payouts).
• Behavioral and Usage Data: Betting and gaming history, clickstream data, time spent on site, user preferences, and communication records (for responsible gaming and service personalization).
• Cookies and Tracking Technologies: Session, persistent, and third-party cookies (see Cookies & Tracking Technologies section for details).

EXPAND: Data collection is limited to what is necessary for regulatory compliance, account operation, and service improvement, in accordance with NZ Privacy Act 2020 and industry best practices.

Legal Basis for Processing

OBSERVE: quatro-casino-new-zealand processes personal data only when permitted by law. The principal legal grounds include:

• User Consent: Where required, users are asked for explicit consent (e.g., for marketing communications or cookies).
• Contractual Necessity: Data is processed to perform obligations under the user agreement (account setup, deposits, withdrawals, and customer service).
• Legitimate Interest: Processing for purposes such as fraud prevention, IT security, analytics, and direct communications that do not override user rights.
• Legal Obligation: Compliance with anti-money laundering (AML), know your customer (KYC), record keeping, and regulatory reporting requirements in all relevant jurisdictions (NZ, Canada, Malta).

REFLECT: All processing aligns with the NZ Privacy Act 2020, EU GDPR (where relevant), and other applicable gaming regulations, ensuring robust user protection.

Purpose of Processing

OBSERVE: Personal data is processed for clear, limited, and legitimate purposes. These include:

• Provision of Casino Services: Account management, transaction processing, and delivery of gaming products on quatro-nz.com.
• Service Improvement: Monitoring user interactions to enhance website performance, user experience, and product offerings.
• Marketing and Communications: Sending promotional offers, newsletters, and service updates (with opt-in consent and opt-out mechanisms).
• Analytics and Research: Aggregated data analysis to improve risk management, responsible gambling initiatives, and product development.
• Fraud and Abuse Prevention: Detecting and preventing unauthorised access, fraudulent transactions, and breaches of gaming regulations.

EXPAND: Data is never used for unrelated purposes without informing users and obtaining additional consent where required.

Disclosure & Sharing

OBSERVE: Personal data may be disclosed to third parties strictly as necessary and in accordance with legal obligations:

• Payment Processors and Financial Institutions: For secure deposit, withdrawal, and identity verification transactions.
• Technical Service Providers: IT hosting, platform maintenance, analytics, and customer support partners (all bound by confidentiality agreements).
• Regulatory Authorities: NZ Gambling Commission, Kahnawake Gaming Commission, Malta Gaming Authority, and other lawful authorities upon request or as required by law.
• Affiliates and Marketing Networks: With explicit user consent, for direct marketing or promotional activities, always with opt-out rights.
• Legal Successors: In case of merger, acquisition, or transfer, with prior notice to users, ensuring equivalent data protection standards.

REFLECT: No personal data is sold to third parties. All disclosures are limited to the minimum necessary and fully documented.

International Transfers

OBSERVE: quatro-casino-new-zealand may transfer personal data to countries outside New Zealand, primarily to Canada (for operational headquarters), Malta (for regulatory compliance), and secure hosting providers.

• Legal Safeguards: Data transfers are governed by standard contractual clauses and robust data protection agreements ensuring compliance with NZ, Canadian, and EU data protection laws.
• Third-Party Protections: Service providers and partners are contractually obligated to maintain equivalent security and privacy standards.

REFLECT: Users are informed and protected whenever international transfers occur, and such transfers are subject to regular compliance reviews.

Regional Compliance Note: All international data flows are aligned with the NZ Privacy Act 2020, ensuring continuous protection of user rights.

Data Retention

OBSERVE: quatro-casino-new-zealand retains personal data for no longer than necessary to fulfil the purposes for which it was collected or as required by law.

• Account and Transaction Data: Retained for up to 5 years after account closure to comply with AML/KYC and financial regulations.
• Marketing Data: Deleted or anonymised within 30 days of marketing consent withdrawal.
• Technical and Analytics Data: Stored for up to 2 years, unless longer retention is required for security or regulatory audits.
• Deletion Criteria: Data is deleted upon user request (subject to legal obligations), expiration of retention periods, or the end of the processing purpose.

REFLECT: Regular audits ensure compliance with retention policies and immediate erasure of data when no longer necessary.

Your Rights

OBSERVE: Users of quatro-nz.com have strong data subject rights under the NZ Privacy Act 2020 and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Access: Right to request a copy of the personal data held, free of charge, within 30 days.
2. Correction: Right to request correction of inaccurate or incomplete data.
3. Deletion: Right to request deletion of data when it is no longer necessary for processing or upon withdrawal of consent, except where retention is legally required.
4. Restriction: Right to restrict processing under certain circumstances (e.g., pending correction or contestation of data).
5. Objection: Right to object to processing based on legitimate interests or for direct marketing purposes.
6. Data Portability: Right to receive personal data in a structured, machine-readable format and transmit it to another provider.
7. Withdrawal of Consent: Right to withdraw consent for marketing or optional features at any time, without affecting prior processing.

Procedures for Exercising Rights: Users may submit requests via support@quatro-nz.com or through the contact form. All requests are processed within 30 days, free of charge, except where manifestly unfounded or excessive.

REFLECT: These rights are enforced in accordance with NZ, EU, and (where relevant) international data protection standards, with clear user instructions and no undue barriers.

Cookies & Tracking Technologies

OBSERVE: quatro-casino-new-zealand uses cookies and similar technologies on quatro-nz.com to ensure proper website functionality and enhance user experience.

• Session Cookies: Essential for operation, authentication, and security. Deleted when the browser is closed.
• Persistent Cookies: Store preferences and login details for easier navigation, retained for up to 12 months unless manually deleted.
• Third-Party Cookies: Used for analytics (e.g., Google Analytics) and targeted advertising, set only with user consent.

Managing Cookies: Users can manage or disable cookies via browser settings or internal account panels. Opt-out options are provided for non-essential cookies at the point of collection.

REFLECT: Full transparency is maintained regarding tracking technologies, in accordance with NZ and international best practices.

Data Security

OBSERVE: quatro-casino-new-zealand implements a multi-layered security program to protect all personal data collected via quatro-nz.com.

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is protected by advanced encryption standards (AES-256).
• Authentication and Access Controls: Multi-factor authentication for staff access, strict role-based access, and regular credential reviews.
• Security Audits: Regular internal and external security audits, including compliance with ISO 27001 and SOC 2 standards where applicable.
• Staff Training: Ongoing training in data protection, privacy, and incident response procedures for all personnel handling user data.
• Incident Management: Formal incident response plan with immediate user notification in the event of a data breach, as required by law.

REFLECT: Security measures are regularly reviewed and updated to address emerging threats and regulatory changes, ensuring continuous data protection.

Complaints & Contacts

OBSERVE: quatro-casino-new-zealand provides multiple channels for privacy complaints and feedback.

• DPO Contact: Email support@quatro-nz.com or use the contact form for privacy-related concerns.
• Online Feedback: Live chat available at quatro-nz.com/livechat.
• Step-by-Step Complaint Procedure:
  1. Submit your complaint via email, contact form, or live chat.
  2. Receive acknowledgement within 3 business days.
  3. Investigation and response provided within 30 days.
  4. If unresolved, escalate to the Office of the Privacy Commissioner of New Zealand at privacy.org.nz or call 0800 803 909.
  5. For matters involving international transfers, contact the Office of the Privacy Commissioner of Canada or relevant EU supervisory authority.

REFLECT: All complaints are handled promptly and confidentially, with clear escalation procedures and regulatory oversight.

Updates

OBSERVE: This privacy policy is reviewed and updated regularly to reflect changes in law, operations, or data processing practices.

• Notification Procedures: Users will be notified of material changes via email, website banners, and account dashboard alerts at least 30 days in advance.
• User Options: Users may object to changes or close their account without penalty if they do not accept revised terms.
• Version Control: Last updated: 6 November 2025. Changelog detailing material amendments is available upon request.

REFLECT: Regular updates and transparent communication ensure users remain informed of their rights and any changes affecting their data.