Privacy Commitment

Effective date: 1 March 2026 — Last updated: 1 April 2026

OzLuckyDraw Pty Ltd (ABN 00 000 000 000) ("we", "us", "our") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and store your personal information.

1. Information We Collect

We may collect the following categories of personal information:

  • Identity data: full name, date of birth, gender, photographic identification documents
  • Contact data: email address, telephone number, residential address
  • Account data: username, password (hashed), account preferences, self-exclusion settings
  • Financial data: bank account details, transaction history, deposit and withdrawal records
  • Technical data: IP address, browser type and version, device identifiers, operating system, time zone, referring URLs
  • Usage data: pages visited, games played, draw entries, session duration, click patterns
  • Responsible gambling data: deposit limits, self-exclusion periods, reality check preferences

2. How We Collect Information

We collect personal information:

  • Directly from you when you register, complete forms, purchase tickets, or contact support
  • Automatically through cookies, web beacons, and server logs when you use our platform
  • From third-party identity verification providers for KYC/AML compliance
  • From payment processors when you make deposits or withdrawals

3. Purpose of Collection

We use your personal information to:

  • Create and manage your account
  • Process ticket purchases, draw entries, and prize payments
  • Verify your identity and age (18+ requirement)
  • Comply with Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations
  • Administer responsible gambling tools (deposit limits, self-exclusion, reality checks)
  • Communicate service updates, draw results, and promotional offers (with your consent)
  • Detect and prevent fraud, security threats, and prohibited activities
  • Improve our platform, analyse usage trends, and conduct research
  • Comply with legal and regulatory obligations

4. Disclosure of Information

We may share your personal information with:

  • Payment processors: to facilitate deposits, withdrawals, and refunds
  • Identity verification providers: for KYC/AML checks
  • Regulatory authorities: as required by law, including gambling regulators and AUSTRAC
  • IT and cloud service providers: for hosting, data storage, and platform maintenance
  • Professional advisers: legal, audit, and compliance consultants
  • National self-exclusion registers: where applicable

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures including:

  • 256-bit TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular penetration testing and security audits
  • Role-based access controls and multi-factor authentication for staff
  • Data hosted in Australian-based ISO 27001 certified data centres

6. Data Retention

We retain your personal information for as long as your account is active, plus a minimum of seven (7) years following account closure to comply with AML/CTF record-keeping obligations. Transaction records are retained for a minimum of seven (7) years. You may request deletion of non-essential data at any time.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or outdated information
  • Opt out of marketing communications at any time
  • Request deletion of your personal information (subject to legal retention requirements)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

8. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Usage. You can manage your cookie preferences through your browser settings.

9. Cross-Border Disclosure

Your information is primarily stored and processed in Australia. If we transfer data overseas (e.g., for cloud services), we ensure the recipient is subject to a law or binding scheme substantially similar to the APPs, or we obtain your consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our platform. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy inquiries, access requests, or complaints:

Privacy Officer
OzLuckyDraw Pty Ltd
Level 12, 100 George Street, Sydney NSW 2000
Email: privacy@ozluckydraw.com.au
Phone: 1300 695 825

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone on 1300 363 992.