🎁 Join our telegram channel for exclusive discounts!
Win Club Giveaway

Privacy Policy

Privacy Policy

Last updated: April 2026

Winclub Giveaway Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have.

1. Data Controller

The data controller for the purposes of applicable data protection law is:

Winclub Giveaway Ltd
Company Number: 17089174
Registered in England and Wales
Email: [email protected]

2. Categories of Personal Data We Collect

We collect and process the following categories of personal data:

Information you provide directly

  • Identity data: Full name, date of birth, gender (optional).
  • Contact data: Email address, telephone number, postal address.
  • Account data: Username, password (stored in hashed form), account preferences.
  • Transaction data: Details of Tickets purchased, Competition entries, cashback balances, referral history.
  • Communication data: Any correspondence you send to us via email or support channels.

Information collected automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution.
  • Usage data: Pages visited, time spent on pages, click patterns, referring URLs.
  • Cookie data: Information collected through cookies and similar technologies (see our Cookie Policy).

Information from third parties

  • Payment data: Transaction confirmations and payment status from our payment processor, Paytriot. We do not receive or store your full card number, CVV, or card expiry date.

3. Lawful Basis for Processing

We process your personal data on the following lawful bases under UK GDPR:

  • Contract (Article 6(1)(b)): Processing necessary to fulfil our contract with you when you purchase Tickets and enter Competitions (e.g., processing payments, assigning Ticket numbers, notifying winners, delivering prizes).
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes fraud prevention, website security, improving our services, and internal analytics.
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax reporting, anti-money laundering regulations, and responding to lawful requests from authorities.
  • Consent (Article 6(1)(a)): Where you have given us specific consent, such as for receiving marketing emails, placing non-essential cookies, or sharing your name and image for promotional purposes as a winner. You may withdraw consent at any time.

4. Purposes of Processing

We use your personal data for the following purposes:

  • Creating and managing your account.
  • Processing Competition entries and assigning Ticket numbers.
  • Processing payments through our payment provider.
  • Sending Ticket confirmation emails and Draw result notifications.
  • Notifying and verifying winners, and arranging prize delivery.
  • Administering cashback rewards and the referral programme.
  • Responding to your enquiries and providing customer support.
  • Detecting and preventing fraud, unauthorised access, and other security incidents.
  • Analysing website usage to improve our services and user experience.
  • Complying with legal and regulatory obligations.
  • Sending marketing communications (with your consent only).
  • Publishing winner announcements (first name and last initial) on our Website and social media channels.

5. Sharing Your Data with Third Parties

We do not sell, rent, or trade your personal data. We share your data only with the following categories of third parties, and only to the extent necessary:

  • Paytriot (payment processor): To process your card payments securely. Paytriot is PCI-DSS Level 1 compliant.
  • Cloudflare (infrastructure and security): To deliver our Website securely, provide DDoS protection, and optimise performance. Cloudflare may process your IP address and technical data.
  • Google Tag Manager / Google Analytics: To collect anonymised usage data for website analytics and performance monitoring. Data is processed in accordance with Google's data processing terms.
  • Email service provider: To send transactional emails (Ticket confirmations, winner notifications) and marketing emails (with your consent).
  • Professional advisors: Accountants, auditors, and legal advisors who are bound by professional duties of confidentiality.
  • Law enforcement and regulatory bodies: Where we are required to do so by law, regulation, or court order.

6. International Data Transfers

Some of our third-party service providers (such as Google and Cloudflare) may process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision from the UK Secretary of State.
  • Standard contractual clauses approved by the Information Commissioner's Office (ICO).
  • Binding corporate rules where applicable.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Account data: For as long as your account remains active, plus 12 months after account deletion to allow for reactivation requests.
  • Transaction and Competition data: For 6 years after your last transaction, as required for tax, accounting, and legal compliance.
  • Marketing consent records: For as long as consent is active, plus 12 months after withdrawal for record-keeping.
  • Technical and usage data: For up to 26 months from the date of collection.
  • Customer support correspondence: For 3 years from the date of the last communication.

When personal data is no longer required, it is securely deleted or anonymised.

8. Automated Decision Making

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. Ticket number assignment is random and does not involve profiling. Winner selection is performed using a random number generator during a live broadcast and does not involve automated processing of personal data.

9. Children's Data

Our Website and Competitions are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly and void any associated Competition entries.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You may request that we delete your personal data, subject to our legal obligations to retain certain records.
  • Right to restrict processing (Article 18): You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to object (Article 21): You may object to the processing of your personal data where we rely on legitimate interests as the lawful basis.
  • Right to data portability (Article 20): You may request that we provide your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month. In certain circumstances, we may extend this period by a further two months, in which case we will inform you within the initial one-month period.

11. Complaints to the ICO

If you are not satisfied with how we handle your personal data or respond to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us at [email protected] first.

12. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • SSL/TLS encryption for all data transmitted between your browser and our servers.
  • Password hashing using industry-standard algorithms.
  • Payment processing through PCI-DSS Level 1 compliant providers (Paytriot).
  • DDoS protection and Web Application Firewall via Cloudflare.
  • Regular security reviews and access controls.
  • Principle of least privilege for staff access to personal data.

No system is completely secure. In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the ICO in accordance with our legal obligations.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Material changes that affect how we process your data will be communicated to you via email where possible.

14. Contact Us

For any questions about this Privacy Policy or our data practices:

Email: [email protected]
General support: [email protected]
Winclub Giveaway Ltd, Company Number: 17089174, England and Wales.