Privacy Policy
Last updated: April 2026
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What Data We Collect
Account data: When you register, we collect your name, email address, date of birth (for age verification), and optionally your city.
Entry data: When you enter a competition, we store your skill question answer, ticket numbers, and entry timestamp.
Payment data: Payment is processed by hosted bank-payment providers. We do not store online-banking credentials. We receive a transaction record including the amount, currency, and provider payment reference.
Usage data: We may collect standard server logs including IP address, browser type, and pages visited. This helps us maintain security and improve our service.
Communications: If you contact us, we retain records of that correspondence.
2. How We Use Your Data
We use your personal data to:
- Process your competition entries and manage your account
- Send you order confirmations and draw notifications
- Notify you if you win a prize and arrange delivery
- Prevent fraud and enforce our Terms & Conditions
- Comply with our legal obligations
- Send you marketing emails (only with your consent, which you can withdraw at any time)
3. Legal Basis for Processing
We rely on the following legal bases under the UK GDPR and the Data Protection Act 2018:
- Contract performance - processing your entry, managing your account, and delivering prizes
- Legal obligation - age verification, fraud prevention, and tax records
- Legitimate interests - fraud detection, security monitoring, and improving our service
- Consent - marketing communications (you can withdraw consent at any time)
4. Data Retention
We retain your account data for as long as your account is active. If you close your account, we delete personal data within 90 days, except where we are required to retain it for legal reasons, including financial records kept in line with applicable legal, tax, and accounting requirements.
Draw audit data (seed, hash, winner ID) is retained indefinitely as it forms part of the verifiable public record of our competitions.
5. Who We Share Data With
We share your personal data only where necessary:
- Bank payment providers - payment processing. The selected provider's privacy policy applies to payment data.
- Supabase - our database and authentication provider, hosted in the EU.
- Courier/logistics providers - when shipping prizes, we share your name and delivery address.
- Law enforcement - if required by law or court order.
We never sell your personal data to third parties.
6. Your Rights
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Request data portability
To exercise any of these rights, contact us. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Cookies
We use essential cookies to maintain your session and authentication state. These are strictly necessary and cannot be disabled. We do not use tracking cookies or third-party advertising cookies.
8. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. No system is completely secure, but we take our obligations seriously.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email. The date at the top of this page shows when the policy was last updated.
Data Controller: Millbrook Entertainment Ltd.
Millbrook Entertainment Ltd (Company No. 17148212) is a company registered in England & Wales with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
If you have any questions about this policy or how your data is handled, please contact us at support@millbrookgiveaways.com.