Spinbit handling of personal data, privacy choices and account information

The privacy scope that applies to spinbit use

spinbit may handle personal data when a user visits the service, creates or manages an account, contacts support, uses account controls, takes part in service activity, or interacts with payment, verification, security or communication features. The information handled can depend on the services used, the account status, the user’s location and the type of request or activity involved.

This Privacy Policy applies to personal data connected with spinbit services made available to users in New Zealand. Some processing may relate directly to account activity, while other processing may support technical operation, fraud prevention, service messages, responsible gambling controls or legal and regulatory requirements.

We aim to keep privacy information clear and practical. Where a data activity depends on a specific account feature, region, verification step or service provider, the exact details may vary. Personal data should be handled for a defined purpose and not collected without a connection to the service or a user request.

Personal details users may provide to spinbit

Users may provide personal data when registering, updating account information, completing checks, making a request, contacting support or using account-related services. This may include name, date of birth, contact details, location information, account identifiers and information needed to manage or verify the account.

Depending on the services used, spinbit may also request information connected with identity, age, payment method ownership, address, account security or other compliance-related checks. These requests may occur during registration, before certain transactions, after unusual account activity, or when required by applicable rules or operational safeguards.

If a user contacts us, we may handle the content of the message, the time of contact, related account information and any documents or details provided through the relevant support route. Users should avoid sending unnecessary sensitive information unless it is requested through an appropriate and secure channel.

spinbit account activity and technical records

When a user interacts with spinbit, technical and usage information may be created automatically. This may include IP address, device type, browser details, operating system, session information, log-in records, page activity, error messages, security events and similar technical data.

We use these records to keep the service functioning, investigate technical issues, manage sessions, detect suspicious activity and protect accounts. Technical data may also help us understand how the service performs across devices and how service flows can be maintained or improved.

Some technical information may not directly identify a user by itself, but it can become personal data when linked to an account or other identifying details. For that reason, spinbit treats technical records with the same controlled approach used for other account-related information.

Why spinbit uses personal data

spinbit may use personal data to create and maintain accounts, process user requests, manage access, support transactions, operate service functions, provide account notices, carry out verification, prevent misuse and maintain service security. Data may also be used to apply responsible gambling settings, handle restrictions or respond to user requests connected with account control.

Where relevant to account use, information may be used to check whether details are accurate, whether a payment method belongs to the correct user, whether account activity appears unusual, or whether a service rule has been followed. These checks can help protect users and the service from unauthorised access, fraud, duplicate account activity or other misuse.

spinbit may also use contact details to send important service messages. These may include notices about account security, terms, operational changes, transaction-related matters or responses to user requests. Such messages are separate from marketing communication and may be necessary for the service to function properly.

Communication preferences inside spinbit

spinbit may use contact information to communicate with users about account activity, service updates, support requests, security matters and other service-related topics. Marketing messages may be sent only where permitted and in line with the user’s available preferences or consent settings.

Users may be able to adjust communication preferences, unsubscribe from certain marketing messages or request changes to the way promotional communication is handled. Available options may vary depending on account settings, location and service configuration.

If a user activates responsible gambling controls, requests a break or asks to reduce gambling-related communication, spinbit may process the necessary information to apply that request. Some essential account messages may still be sent where they relate to security, legal notices, account status or important service information.

Sharing data with service partners

spinbit may share or make personal data available to selected service providers where this is necessary for account operation, payment handling, identity checks, technical hosting, analytics, customer support, security monitoring, communication delivery or other service-related functions. These parties may process information on our behalf or in another role permitted by applicable requirements.

Information shared with service providers should be limited to what is needed for the relevant purpose. For example, a technical provider may need operational data, while a payment-related provider may need transaction details. The exact data involved can depend on the service used and the nature of the request.

We may also disclose personal data where permitted or required by applicable law, regulatory requirements, legal process, dispute handling, fraud prevention, account security or protection of rights. If personal data is handled outside New Zealand, appropriate steps are intended to support handling in line with applicable privacy requirements.

How spinbit protects and keeps information

spinbit takes appropriate steps to protect personal data against unauthorised access, loss, misuse, alteration or unnecessary disclosure. These steps may include access controls, internal handling rules, technical monitoring, role-based permissions, secure processing practices and other organisational or technical safeguards.

Personal data may be retained for as long as needed for the purpose for which it was collected, and for longer where legal, regulatory, accounting, security, fraud prevention, dispute resolution or operational requirements apply. Specific retention periods may depend on the type of data, the account status, the services used and the reason the information is held.

When information is no longer needed, it may be deleted, anonymised or kept in a restricted form if immediate deletion is not possible or if continued retention is permitted or required. Closing an account does not always mean that all personal data can be removed immediately.

Cookies, analytics and similar technologies

spinbit may use cookies, local storage and similar technologies to support log-in sessions, account security, service performance, user preferences, analytics and technical stability. Some of these technologies may be necessary for core service functions to work correctly.

Analytics and technical measurement may help us understand service performance, identify errors and maintain user flows. Where cookies or similar tools are used for communication, preference management or marketing-related purposes, their use may depend on the user’s choices and applicable requirements.

Users may be able to manage cookies through browser settings or available service controls. Restricting certain technologies may affect how parts of the service function, especially where they are needed for log-in, session management, fraud prevention or security.

Privacy requests from New Zealand users

Users in New Zealand may have rights in relation to their personal data under applicable privacy requirements. Depending on the circumstances, a user may request access to personal data, correction of inaccurate information, deletion where available, restriction of certain handling, objection to certain processing or information about how data is used.

Not every request can be completed in every situation. spinbit may need to retain or continue handling certain information where required for legal, security, verification, payment, responsible gambling, fraud prevention, dispute or operational reasons. If a request cannot be completed fully, it may be handled to the extent permitted by the applicable requirements.

If a user contacts spinbit about privacy, we may need to verify the requester’s identity before responding or making changes. This helps protect account information from being disclosed or altered by someone who is not authorised. Privacy requests should be sent through the contact route made available by the service, with a clear description of the request and without unnecessary sensitive details.