Privacy Policy

2.1 Personal Identification Information

We collect personal information necessary to provide lottery services and comply with regulatory requirements:

• Identity Verification: Full name, date of birth, government-issued identification documents (driver's license, passport), and photograph for age verification (18+ requirement)
• Contact Information: Email address, phone number, residential address, and postal address
• Account Credentials: Username, password (encrypted), security questions, and authentication factors

2.2 Financial and Payment Information

• Payment Data: Credit/debit card information (processed securely through PCI-DSS compliant payment processors), bank account details for direct deposits, and transaction history
• Prize Information: Winning amounts, prize claim records, and taxation documentation as required by Australian law
• Financial Verification: Source of funds documentation for large prizes and anti-money laundering compliance

2.3 Lottery Participation Data

• Gaming Activity: Lottery tickets purchased, numbers selected, draw participation history, spending patterns, and gameplay preferences
• Responsible Gaming Data: Self-set spending limits, time limits, self-exclusion requests, and responsible gaming tool usage
• Winner Information: Prize win records, claim documentation, publicity preferences, and regulatory reporting data

2.4 Technical and Usage Information

• Device Information: IP address, device type, operating system, browser type, unique device identifiers
• Location Data: Geolocation information to verify service availability, locate retail lottery locations, and ensure compliance with jurisdictional restrictions
• Usage Analytics: Pages visited, features used, time spent on site, navigation patterns, and user interaction data
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies, and similar tracking technologies (see our Cookie Policy for details)

2.5 Communications and Support Data

• Customer Service Records: Support inquiries, complaints, feedback, chat transcripts, email correspondence, and phone call recordings (with notification)
• Marketing Preferences: Subscription choices, communication preferences, and opt-in/opt-out records

3.1 Service Provision

• Process lottery ticket purchases and manage your player account
• Conduct lottery draws and determine winners in accordance with draw rules
• Notify winners and process prize claims and payments
• Maintain comprehensive transaction records and audit trails

3.2 Age Verification and Legal Compliance

• Verify that all players are 18 years of age or older as required by Australian law
• Comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations
• Meet reporting obligations to Australian lottery regulatory authorities
• Respond to legal processes, court orders, and government requests

3.3 Responsible Gaming and Player Protection

• Implement and enforce spending and time limits set by players
• Process self-exclusion requests and maintain exclusion lists
• Monitor for signs of problem gambling and provide intervention support
• Provide access to responsible gaming resources and support services

3.4 Communications and Marketing

• Send transactional communications about your account, purchases, and prizes
• Provide customer support and respond to your inquiries
• Send marketing communications about lottery draws, jackpots, and promotions (with your consent and opt-out options)
• Deliver responsible gaming reminders and player welfare information

3.5 Service Improvement and Analytics

• Analyze website and service usage to improve user experience
• Conduct research and develop new features and services
• Optimize website performance, security, and functionality
• Prevent fraud, detect security threats, and protect player accounts

4.1 Regulatory Authorities and Government Agencies

As a licensed lottery operator, we are required to share information with:

• Australian Lottery Regulators: State and territory gaming authorities for licensing compliance and draw verification
• Tax Authorities: Australian Taxation Office (ATO) for prize reporting and taxation compliance
• Law Enforcement: Federal, state, and local law enforcement agencies when legally required or to prevent illegal activity
• AUSTRAC: Australian Transaction Reports and Analysis Centre for AML/CTF compliance

4.2 Service Providers and Business Partners

• Payment Processors: Secure payment gateway providers for processing transactions (subject to PCI-DSS compliance)
• Identity Verification Services: Third-party providers for age verification and fraud prevention
• Technology Vendors: Cloud hosting providers, database management services, and IT infrastructure partners
• Analytics Providers: Website analytics and performance monitoring services
• Customer Support Providers: Customer service platforms and support contractors

All third-party service providers are contractually bound to protect your information and use it only for specified purposes.

4.3 Lottery Operators and Draw Administrators

We share necessary information with official lottery draw operators to facilitate participation in multi-jurisdictional or national lottery games, including ticket purchase records and winner validation data.

4.4 Prize Winner Publicity

Winner information may be disclosed as follows:

• Winner name, suburb, and prize amount may be published for verification and promotional purposes
• Winners may be invited to participate in publicity events (participation is optional)
• Winners may request privacy protection under applicable lottery regulations

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor entity, subject to the same privacy protections outlined in this policy.

4.6 Consent-Based Sharing

We may share your information with other parties when you provide explicit consent for specific purposes not covered by this policy.

5.1 Technical Security Measures

• Encryption: SSL/TLS encryption for all data transmitted between your device and our servers; encryption at rest for stored sensitive data
• Access Controls: Multi-factor authentication, role-based access restrictions, and regular access audits
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring
• Payment Security: PCI-DSS compliant payment processing; card data never stored on our servers
• Regular Updates: Security patches, software updates, and vulnerability assessments

5.2 Organizational Security Measures

• Employee Training: Mandatory privacy and security training for all staff members
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response: Established data breach response procedures and notification protocols
• Third-Party Audits: Regular independent security audits and compliance assessments

5.3 Your Security Responsibilities

To help protect your account and personal information:

• Keep your account credentials confidential and never share your password
• Use strong, unique passwords and enable multi-factor authentication when available
• Log out after using shared or public devices
• Report any suspicious activity or unauthorized access immediately
• Be cautious of phishing attempts and verify official communications

6.1 Retention Periods

• Account Information: Retained for the duration of your active account plus 7 years after account closure (regulatory requirement)
• Transaction Records: Maintained for 7 years from transaction date (Australian taxation and lottery regulations)
• Prize Claims: Winner information retained for 7 years (regulatory and taxation requirements)
• Responsible Gaming Data: Self-exclusion records maintained for the exclusion period plus 7 years
• Marketing Preferences: Retained until you withdraw consent or close your account
• Analytics Data: Anonymized usage data retained for up to 3 years for service improvement

6.2 Secure Disposal

When personal information is no longer required, we securely delete or anonymize the data using industry-standard methods to prevent recovery or reconstruction.

6.3 Legal Holds

In cases of legal proceedings, investigations, or disputes, we may retain relevant information beyond standard retention periods until the matter is resolved.

7.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data in a commonly used format within 30 days of your request.

7.2 Right to Correction

If you believe any personal information we hold is inaccurate, incomplete, or outdated, you can request that we correct it. We will respond to correction requests within 30 days.

7.3 Right to Deletion

You may request deletion of your personal information, subject to our legal and regulatory retention obligations. Note that some information must be retained for 7 years under Australian lottery regulations.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances, such as when you contest the accuracy of data or object to processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another provider.

7.6 Right to Withdraw Consent

Where we process your data based on consent (such as marketing communications), you can withdraw that consent at any time without affecting prior processing.

7.7 Right to Object

You can object to certain types of processing, including direct marketing. We will honor all marketing opt-out requests immediately.

7.8 Right to Lodge a Complaint

If you believe we have not handled your personal information appropriately, you have the right to lodge a complaint with:

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer using the contact details provided in Section 13 of this policy. We will respond to your request within 30 days and provide clear explanations if we cannot fulfill your request.

8.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality, account access, and security
• Preference Cookies: Remember your settings and choices for improved user experience
• Analytics Cookies: Help us understand how visitors use our website to improve performance
• Marketing Cookies: Track your browsing to deliver relevant advertising (with your consent)

8.2 Managing Cookies

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect website functionality and your ability to access some features. Visit our Cookie Policy for detailed management instructions.

8.3 Third-Party Analytics

We use third-party analytics services to analyze website traffic and user behavior. These services may use cookies and similar technologies. Analytics data is aggregated and anonymized for statistical purposes only.

9.1 Age Verification Enforcement

• Mandatory age verification at account registration using government-issued identification
• Immediate account suspension and termination if underage use is detected
• Prompt deletion of any information collected from users under 18
• Clear age restriction notices displayed throughout our website and services

9.2 Parental Responsibilities

Parents and guardians should supervise children's internet use, implement parental controls, and ensure minors do not access gambling websites. If you believe a minor has provided us with personal information, please contact us immediately.

9.3 Reporting Underage Access

If you suspect underage gaming activity, please report it immediately to our compliance team. We take all reports seriously and will investigate promptly.

10.1 Overseas Transfers

• Cloud Services: Some cloud infrastructure providers may store data on servers located outside Australia
• Payment Processing: International payment gateways for processing cross-border transactions
• Technology Vendors: Third-party service providers with international operations

10.2 Safeguards for Overseas Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Contractual obligations requiring equivalent privacy protection
• Transfer to countries with comparable privacy laws
• Use of standard contractual clauses or binding corporate rules
• Encryption during transfer and at rest

11.1 Notification of Changes

• Material changes will be notified via email to registered users
• Notice will be posted on our website homepage for 30 days
• The "Last Updated" date at the top of this policy will be revised
• Previous versions will be archived and available upon request

11.2 Your Options

If you do not agree with changes to this Privacy Policy, you may close your account. Continued use of our services after changes are posted constitutes acceptance of the updated policy.