Privacy Policy

Welcome to the Privacy Policy of Limitless Wins ('we', 'us', or 'our'). We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. It also describes your rights under the General Data Protection Regulation (GDPR) and UK data protection laws.

By using our website and services, you agree to the collection and use of information in accordance with this Privacy Policy.

We are the data controller responsible for your personal data. Our contact details can be found at the end of this policy.

We collect several types of information for various purposes to provide and improve our service to you:

Personal Identification Information: Name, email address, phone number, date of birth, postal address, and proof of identity (e.g., driver's license or passport for winner verification).

Payment Information: Payment card details and billing address. This information is processed securely by our payment processor, Stripe, and we do not store full card details on our servers.

Account Information: Username, password (encrypted), account preferences, and competition entry history.

Technical Information: IP address, browser type and version, device type, operating system, page response times, download errors, and referring/exit pages.

Usage Information: Pages you visit on our website, time spent on pages, competition entries, and interaction with website features.

Marketing and Communications Data: Your preferences for receiving marketing communications and your communication preferences.

Winner Information: If you win a prize, we collect additional information necessary for prize fulfillment, including photographs and testimonials for promotional purposes.

We collect information through various methods:

Direct Interactions: When you create an account, enter a competition, purchase tickets, fill out forms, or contact our support team.

Automated Technologies: As you navigate our website, we automatically collect technical and usage data using cookies and similar technologies.

Third Parties: We may receive personal data from third-party analytics providers, payment processors, and fraud prevention services.

Public Sources: For winner verification, we may collect information from publicly available sources to confirm identity and eligibility.

We use your personal data for the following purposes:

To Provide Our Services: Processing your competition entries, managing your account, processing payments, conducting draws, and contacting winners.

To Improve Our Services: Analyzing how you use our website to improve functionality, user experience, and develop new features.

To Communicate With You: Sending confirmation emails, competition updates, winner notifications, and responding to your enquiries.

For Marketing: Sending promotional emails about new competitions and special offers (only if you have opted in). You can unsubscribe at any time.

For Security: Preventing fraud, protecting our website from malicious activity, and ensuring the security of your account.

For Legal Compliance: Meeting our legal obligations, including age verification, anti-money laundering checks, and responding to legal requests.

For Analytics: Understanding user behavior, measuring the effectiveness of our marketing campaigns, and making data-driven business decisions.

Under GDPR, we process your personal data on the following legal bases:

Contract Performance: Processing necessary to provide our services, such as managing your account and competition entries.

Consent: Where you have given explicit consent, such as for marketing communications or use of non-essential cookies.

Legal Obligation: Where we must process your data to comply with UK law, such as age verification and anti-money laundering requirements.

Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, website security, and improving our services, provided your rights and interests do not override these interests.

We may share your personal data with the following categories of recipients:

Service Providers: Third-party companies that provide services on our behalf, including payment processing (Stripe), email delivery, hosting, analytics, customer support, and prize fulfillment.

Regulatory Bodies: Government agencies, law enforcement, or regulatory authorities when required by law or to protect our legal rights.

Professional Advisors: Lawyers, accountants, and other professional advisors who assist us in running our business.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

Prize Suppliers: When you win a prize, we share your contact information with the supplier to arrange delivery.

Marketing Partners: Only with your explicit consent, we may share limited information with trusted partners for promotional purposes.

We do not sell your personal data to third parties. All third parties are required to protect your data in accordance with GDPR and our data processing agreements.

We take the security of your personal data seriously and implement appropriate technical and organizational measures:

Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols. Passwords are hashed using industry-standard algorithms.

Access Controls: Access to personal data is restricted to authorized employees and contractors who need it to perform their duties.

Secure Payment Processing: Payment information is handled by Stripe, a PCI DSS Level 1 certified payment processor. We do not store full card details.

Regular Security Audits: We conduct regular security assessments and penetration testing to identify and address vulnerabilities.

Data Backup: Regular backups ensure data can be recovered in the event of a system failure.

Incident Response: We have procedures in place to detect, report, and respond to data breaches in accordance with GDPR requirements.

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. You are responsible for keeping your account credentials confidential.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Account Data: Retained for the duration of your account and for 7 years after account closure to comply with legal obligations (e.g., tax records).

Competition Entries: Retained for 7 years after the competition closes to maintain records of draws and winners.

Winner Information: Retained indefinitely for promotional purposes (testimonials and winner galleries), unless you request removal.

Marketing Communications: Retained until you unsubscribe or for 2 years after your last interaction with us.

Website Usage Data: Typically retained for 12-24 months for analytics purposes.

After the retention period expires, we will securely delete or anonymize your personal data.

Under GDPR and UK data protection laws, you have the following rights:

Right of Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.

Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing: You can ask us to limit how we use your personal data.

Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

Right to Lodge a Complaint: You can complain to the Information Commissioner's Office (ICO) if you believe we have mishandled your data.

To exercise any of these rights, please contact us using the details at the end of this policy. We will respond within one month.

Our website uses cookies and similar technologies to enhance your experience:

Essential Cookies: Necessary for the website to function, such as maintaining your session and remembering your login.

Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).

Marketing Cookies: Used to deliver relevant advertisements and track campaign performance.

Preference Cookies: Remember your settings and preferences for a better user experience.

You can control cookie settings through your browser. Note that disabling certain cookies may affect website functionality.

For more information, please see our Cookie Policy.

Our website may contain links to third-party websites, such as social media platforms or prize supplier websites.

We are not responsible for the privacy practices of these third-party websites. We encourage you to read their privacy policies before providing any personal information.

Clicking on third-party links is at your own risk.

Our services are not intended for individuals under the age of 18.

We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected data from a child, we will take steps to delete that information as soon as possible.

Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).

In some cases, we may transfer data to countries outside the UK/EEA, such as when using third-party service providers with servers in other locations.

Where we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission

• Adequacy decisions recognizing equivalent data protection standards

• Privacy Shield certification (where applicable)

We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Any changes will be posted on this page with an updated 'Last Updated' date.

Significant changes will be communicated to you via email or a prominent notice on our website.

Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Data Protection Officer

Email: [email protected]

Address: Limitless Wins Ltd, 123 Competition Street, London, UK, SW1A 1AA

We aim to respond to all enquiries within 30 days.

Supervisory Authority:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: https://ico.org.uk

Phone: 0303 123 1113