Last Updated: October 21, 2025
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, throughout the European Union (EU) and European Economic Area (EEA). The regulation establishes strict requirements for how organizations collect, process, store, and protect the personal data of individuals within these regions.
At southernstarplay.com ("we," "us," "our," or "SouthernStarPlay"), we are committed to full compliance with GDPR principles and requirements, even though we are based in New Zealand. We believe that all users, regardless of their location, deserve the highest standards of data protection and privacy. This GDPR Compliance Statement explains how we meet our obligations under GDPR and how we protect the rights of EU/EEA residents who use our celestial-themed social entertainment platform.
This document should be read in conjunction with our Privacy Policy, Cookie Policy, and Terms and Conditions, which provide additional details about our data practices. Together, these documents form our comprehensive approach to data protection and user privacy.
If you are a resident of the EU or EEA, you have specific rights under GDPR that we fully respect and facilitate. This statement outlines those rights and explains how you can exercise them when using our platform.
SouthernStarPlay is committed to protecting the personal data of all users, with particular attention to the enhanced protections afforded to EU/EEA residents under GDPR. Our commitment includes:
2.1 Lawful Processing: We process personal data only when we have a valid legal basis to do so, as required by GDPR Article 6. Our legal bases include your consent, performance of our contract with you (providing the Platform services), compliance with legal obligations, and our legitimate business interests in operating and improving the Platform.
2.2 Transparency: We are transparent about what personal data we collect, how we use it, who we share it with, and how long we retain it. Our Privacy Policy and this GDPR statement provide clear, accessible information about our data practices in plain language.
2.3 Data Minimization: We collect only the personal data that is necessary for the specific purposes we have identified. We do not collect excessive or irrelevant information. When registering for southernstarplay.com, we ask only for essential information needed to verify your age and create your account.
2.4 Purpose Limitation: We use your personal data only for the purposes we have clearly communicated to you. We do not use your data for incompatible purposes unless we obtain your explicit consent or are legally required to do so.
2.5 Accuracy: We take reasonable steps to ensure that the personal data we hold about you is accurate and up to date. We provide mechanisms for you to review and update your information through your account settings.
2.6 Storage Limitation: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.
2.7 Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include SSL-256 encryption, access controls, regular security audits, and employee training on data protection.
2.8 Accountability: We maintain documentation of our data processing activities, conduct data protection impact assessments when appropriate, and can demonstrate our compliance with GDPR principles upon request from supervisory authorities.
In accordance with GDPR's data minimization principle, we collect only the personal data necessary to provide our services and comply with legal requirements. For EU/EEA residents, we collect and process the following categories of personal data:
3.1 Account Information: When you register for an account, we collect your email address, chosen username, date of birth (for age verification), and country of residence. This information is necessary to create your account, verify you are 18 or older, and provide our services to you.
3.2 Technical Data: We automatically collect certain technical information when you use our platform, including your IP address, browser type and version, device identifiers, operating system, and information about how you interact with our features. This data helps us optimize performance, ensure security, and improve user experience.
3.3 Usage Data: We collect information about your engagement with our celestial entertainment features, including gameplay sessions, constellation progress, star collection, multiplier activations, leaderboard participation, and interaction with time-based rewards and nightly events. This data helps us provide personalized experiences and improve our platform.
3.4 Communication Data: When you contact our support team at support@southernstarplay.com, we collect the content of your communications, your contact information, and any additional information you choose to provide to help us address your inquiry.
3.5 Cookie Data: We use cookies and similar technologies to collect information about your preferences and interactions with the Platform. For detailed information about our use of cookies, please see our Cookie Policy.
We do not collect special categories of personal data (also known as sensitive data) such as information about your racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning your sexual orientation, unless you voluntarily provide such information (which we do not request or require).
Under GDPR Article 6, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
4.1 Consent (Article 6(1)(a)): In some cases, we process your personal data based on your explicit consent. For example, when you accept our Cookie Policy, you consent to our use of non-essential cookies. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
4.2 Performance of Contract (Article 6(1)(b)): We process your personal data when necessary to provide the services you have requested through our platform. This includes creating and managing your account, enabling you to participate in constellation bonuses and nightly events, maintaining leaderboard rankings, and providing customer support. Without processing this data, we cannot deliver the services outlined in our Terms and Conditions.
4.3 Legal Obligation (Article 6(1)(c)): We may process your personal data when required to comply with legal obligations, such as age verification requirements, responding to lawful requests from authorities, or maintaining records required by applicable laws and regulations.
4.4 Legitimate Interests (Article 6(1)(f)): We may process your personal data when necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:
• Operating, maintaining, and improving our Platform
• Detecting and preventing fraud, security threats, and illegal activities
• Analyzing platform usage to enhance user experience
• Conducting research and development
• Ensuring network and information security
• Communicating with you about important updates or changes to our services
When we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your rights. You have the right to object to processing based on legitimate interests.
If you are a resident of the EU or EEA, you have the following rights regarding your personal data under GDPR. We are committed to facilitating the exercise of these rights:
5.1 Right to Information (Articles 13-14): You have the right to receive clear and transparent information about how we collect and use your personal data. This GDPR statement, along with our Privacy Policy, provides this information.
5.2 Right of Access (Article 15): You have the right to obtain confirmation of whether we are processing your personal data and, if so, to access that data along with information about how it is being processed. You can request a copy of your personal data by contacting support@southernstarplay.com. We will provide this information free of charge, in a structured, commonly used, and machine-readable format, within one month of your request (extendable by two months for complex requests).
5.3 Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update much of your information directly through your account settings, or contact our support team for assistance. We will rectify inaccurate data without undue delay.
5.4 Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal data in certain circumstances, including when:
• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent on which processing is based (and there is no other legal basis)
• You object to processing based on legitimate interests (and there are no overriding legitimate
grounds)
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation
To request deletion of your data, contact support@southernstarplay.com. Please note that we may retain certain information when required by law or for legitimate purposes such as resolving disputes or enforcing our agreements.
5.5 Right to Restriction of Processing (Article 18): You have the right to request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests. During the restriction period, we will store your data but not further process it (except with your consent or for legal claims).
5.6 Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible. This right applies to data you have provided to us based on consent or contract, and that we process by automated means.
5.7 Right to Object (Article 21): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. When you object on grounds relating to your particular situation, we must stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You have an absolute right to object to processing for direct marketing purposes.
5.8 Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. Currently, southernstarplay.com does not engage in automated decision-making or profiling that would significantly affect you in this manner.
5.9 Right to Withdraw Consent: Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal.
5.10 Right to Lodge a Complaint (Article 77): You have the right to lodge a complaint with a supervisory authority, particularly in the EU/EEA member state of your habitual residence, place of work, or place of alleged infringement, if you believe our processing of your personal data violates GDPR. While we encourage you to contact us first so we can address your concerns directly, you have the right to approach a supervisory authority at any time.
We have established clear procedures for exercising your GDPR rights:
6.1 Submitting a Request: To exercise any of your GDPR rights, please contact us at support@southernstarplay.com with the subject line "GDPR Data Request." In your request, please specify:
• Which right(s) you wish to exercise
• Your full name and email address associated with your account
• Any specific details relevant to your request
• Proof of your identity (we may require this to ensure we are providing information to the correct
person)
6.2 Identity Verification: To protect your personal data and prevent unauthorized access, we may need to verify your identity before fulfilling your request. We will request only the minimum information necessary for verification purposes.
6.3 Response Timeline: We will respond to your request without undue delay and in any event within one month of receipt. If your request is particularly complex or we receive multiple requests from you, we may extend this period by two additional months. We will inform you of any such extension within one month of receiving your request, along with the reasons for the delay.
6.4 No Fee: We will not charge a fee for processing your GDPR request unless your request is manifestly unfounded or excessive, particularly if it is repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request. We will inform you of any fees before proceeding.
6.5 Request Denial: If we cannot fulfill your request, we will explain why and inform you of your right to complain to a supervisory authority and to seek judicial remedy.
SouthernStarPlay is based in New Zealand, which means that personal data from EU/EEA residents may be transferred to and processed in New Zealand or other countries where our service providers operate. GDPR Chapter V governs the transfer of personal data outside the EU/EEA.
7.1 Adequacy Decision: While New Zealand does not currently have an adequacy decision from the European Commission under GDPR, New Zealand's privacy laws provide strong protections and the European Commission previously recognized New Zealand under the former Data Protection Directive.
7.2 Appropriate Safeguards: When transferring personal data from the EU/EEA to New Zealand or other third countries, we implement appropriate safeguards as required by GDPR Article 46, which may include:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding corporate rules (if applicable)
• Codes of conduct or certification mechanisms (when available)
• Other legally approved transfer mechanisms
7.3 Your Rights Regarding Transfers: You have the right to request information about the safeguards we have implemented for international data transfers. You can also request a copy of the relevant transfer mechanisms by contacting support@southernstarplay.com.
7.4 Service Provider Agreements: When we engage third-party service providers who may process personal data on our behalf, we ensure they provide appropriate guarantees regarding data protection, regardless of their location. All such processors are contractually bound to process personal data only in accordance with our instructions and GDPR requirements.
While GDPR Article 37 requires certain organizations to appoint a Data Protection Officer (DPO), our organization's processing activities do not currently trigger this mandatory requirement. However, we have designated responsible personnel to oversee data protection compliance and handle GDPR-related inquiries.
8.1 GDPR Inquiries: For any questions, concerns, or requests related to GDPR or your data protection rights, please contact us at:
Email: support@southernstarplay.com
Subject Line: Please include "GDPR" in your subject line for priority handling
Response Time: We aim to respond to all GDPR-related inquiries within 48 hours
Location: Auckland, New Zealand
8.2 Supervisory Authority: If you are not satisfied with our response to your GDPR inquiry or believe we are processing your personal data in violation of GDPR, you have the right to lodge a complaint with your local supervisory authority. You can find your supervisory authority through the European Data Protection Board website at https://edpb.europa.eu/.
GDPR Article 32 requires that we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Our security measures include:
9.1 Encryption: We use SSL/TLS 256-bit encryption for all data transmissions between your device and our servers. Sensitive personal data is also encrypted at rest in our databases.
9.2 Access Controls: We implement strict access controls to ensure that only authorized personnel can access personal data, and only to the extent necessary for their job functions. All employees and contractors with access to personal data are bound by confidentiality obligations.
9.3 Regular Security Assessments: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security risks.
9.4 Incident Response: We have established procedures for detecting, responding to, and reporting personal data breaches in accordance with GDPR Article 33 and 34. In the event of a breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach and will notify affected individuals without undue delay where required.
9.5 Security by Design and by Default: We integrate data protection considerations into the development of new features and services, implementing privacy-enhancing technologies and settings that protect personal data by default.
9.6 Staff Training: Our staff receive regular training on data protection principles, GDPR requirements, and our internal data handling policies and procedures.
In accordance with GDPR's storage limitation principle, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law:
10.1 Account Data: We retain your account information for as long as your account remains active. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes.
10.2 Technical and Usage Data: We typically retain technical and usage data for up to 2 years for analytics and platform improvement purposes, after which it is anonymized or deleted.
10.3 Communication Records: We retain records of communications with our support team for up to 3 years to maintain a record of our customer service interactions and resolve any follow-up issues.
10.4 Legal Requirements: We may retain certain personal data for longer periods when required by law, regulation, or legal process, or to protect our legal rights and interests.
10.5 Anonymization: Where possible, we anonymize personal data when it is no longer needed for the original purpose but may have value for statistical or analytical purposes. Anonymized data is no longer considered personal data under GDPR.
GDPR Article 8 provides specific protections for children's personal data. Consistent with these protections and our general policies:
11.1 Age Restriction: southernstarplay.com is intended exclusively for individuals aged 18 years and older. We do not knowingly collect or process personal data from anyone under the age of 18, including children under the age of 16 (the GDPR age of consent for information society services).
11.2 Age Verification: We implement age verification mechanisms to prevent access by individuals under 18. These mechanisms are designed to comply with both GDPR requirements and our commitment to responsible social entertainment.
11.3 Inadvertent Collection: If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete that information from our systems. If you believe we have collected information from a child, please contact us immediately at support@southernstarplay.com.
We may update this GDPR Compliance Statement from time to time to reflect changes in our practices, legal requirements, or GDPR guidance. When we make significant changes, we will:
• Update the "Last Updated" date at the top of this page
• Post the revised statement on our platform
• Notify affected users via email or prominent notice on the Platform when appropriate
• For material changes that require consent, obtain fresh consent where necessary
We encourage you to review this GDPR statement periodically to stay informed about how we protect your personal data and facilitate your rights.
13.1 Transparency Reports: We are committed to transparency in our data protection practices. While we do not currently publish regular transparency reports, we are prepared to provide information about our data processing activities to supervisory authorities upon request.
13.2 Data Protection Impact Assessments: When we plan to implement new processing activities that are likely to result in high risks to individual rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) as required by GDPR Article 35.
13.3 Records of Processing Activities: We maintain detailed records of our processing activities as required by GDPR Article 30, including the purposes of processing, categories of data subjects and personal data, recipients of data, data retention periods, and security measures.
13.4 Continuous Improvement: We continuously monitor GDPR guidance from supervisory authorities and the European Data Protection Board, and update our practices accordingly to ensure ongoing compliance with evolving interpretations and requirements.
At southernstarplay.com, we take your privacy and data protection rights seriously. We are fully committed to compliance with GDPR and to providing EU/EEA residents with the high level of protection that the regulation requires.
We believe that strong data protection is not just a legal obligation but a fundamental aspect of building trust with our users. Whether you are located in the EU, EEA, New Zealand, or anywhere else in the world, we apply consistent, high standards of data protection to all users.
If you have any questions, concerns, or requests regarding GDPR or how we process your personal data, please do not hesitate to contact us at support@southernstarplay.com. We are here to help and committed to addressing your inquiries promptly and thoroughly.
Thank you for trusting southernstarplay.com with your personal information. We are dedicated to protecting your privacy while providing you with an exceptional celestial entertainment experience.