This policy describes how we will collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR) which came into force on 25th May 2018.
The Data Controller for all personal data collected by us is the Hampshire & Isle of Wight Opportunity Society Ltd (company number 04101449) whose registered office is at Mill Court, Furrlongs, Newport, Isle of Wight PO30 2AA. We are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss as laid out in the Security section of this Policy.
We obtain personal data about you when you subscribe to our lottery and when joining the lottery you consent to us using your personal data to fulfil the role of being entered into the weekly lottery draw and for keeping you up to date with prize winners and special draws.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing the retention period for holding your data we consider:-
Should it be necessary to use your personal data for a new purpose, we will notify you and obtain your consent accordingly.
The information that we hold for all our lottery players tends to be:-
We use this information for essential tasks such as:-
As a lottery, we are obligated to inform our lottery players of the results of the weekly draw and to publicise the winners’ information, however this will be restricted to sharing the winning lottery numbers only. We will not share any of your personal data unless we have obtained your consent to do so.
All of the information held is stored electronically in a secure location on the company server; access is only available to designated personnel and at the complete discretion of the directors.
We also hold data in paper format in order to maintain our accounting records as is required by law for 7 years. This physical data is held in locked filing cabinets in locked offices. Once paper records are no longer required to be held, they are securely shredded and disposed of by a third party who gives appropriate guarantees and certificates of secure disposal.
We take the security of our customer’s data very seriously and the data we do hold for accounts purposes is backed up securely.
Electronic documents are stored on the company server to enable us to provide copies if required. Access to these documents is only available to designated personnel and at the complete discretion of the Directors too.
We accept and therefore hold credit and debit card details for players where they have provided them to us. All such information is retained electronically but using encrypted software or is kept in locked cupboards in locked offices where access is restricted to designated personnel at the discretion of the directors. All cardholder’s receipts are shredded immediately after payment s have been processed.
We offer and process direct debits on our players behalf in accordance with the appropriate direct debit mandates they have supplied to us. The mandates are stored in a locked cabinet in a locked office where access is restricted to key personnel only. Approved and data secure software is used to hold and process these accounts.
If portable devices are used they are used to remotely access company data on our servers and they are subject to the same access restrictions, and any data stored is protected by the use of corporate logins and passwords as though the device was in the office.
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware of by contacting us.
We take great care to protect confidential third party data using the measures contained herein and continually review our systems to ensure the highest standards of data security.
You are entitled to request access to the information we hold about you and you have the right to withdraw your consent for the holding of your data at any time. Should you wish to with draw your consent please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purposes you originally agreed to.
If you wish to opt out of any correspondence we send you, please contact