Legal

Privacy Policy

How Fair Game collects, uses, stores, and protects your personal data โ€” in plain English. Your privacy matters and we take our obligations under UK GDPR seriously.

๐Ÿ“… Last updated: June 2026
Section 1

Who We Are

Fair Game Ltd is the data controller responsible for your personal data. We are registered in England and Wales and operate the competition platform at fairgamecompetitions.co.uk.

If you have any questions about this policy or how we handle your data, please contact us at privacy@fairgamecompetitions.co.uk.

UK GDPR: We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Section 2

What We Collect

We collect the following personal data when you use our platform:

Account Information

  • First and last name
  • Email address
  • Date of birth (to verify you are 18 or over)
  • Phone number (optional)
  • Postcode (optional, for prize delivery)
  • Encrypted password (we never store passwords in plain text)

Transaction Data

  • Ticket purchases โ€” competition, quantity, amount paid, date
  • Assigned ticket numbers
  • Payment method (Stripe or PayPal reference โ€” we do not store full card details)
  • Cashback balance and transaction history
  • Site credit balance

Responsible Gambling Data

  • Spending limits you set (daily, weekly, monthly)
  • Self-exclusion periods and status

Technical Data

  • IP address (for fraud prevention)
  • Browser type and device information
  • Session data and login timestamps
Section 3

How We Use It

We use your personal data for the following purposes:

  • Running your account โ€” registration, sign-in, profile management
  • Processing ticket purchases โ€” assigning unique ticket numbers, generating receipts
  • Delivering prizes โ€” contacting and verifying winners, arranging prize delivery
  • Email communications โ€” ticket confirmation emails, draw result notifications, new competition alerts (if opted in)
  • Responsible gambling โ€” enforcing spending limits and self-exclusions you have set
  • Age verification โ€” confirming you are 18 or over before allowing entry
  • Fraud prevention โ€” detecting and preventing fraudulent accounts or purchases
  • Legal compliance โ€” maintaining records as required by UK law
  • Improving our service โ€” understanding how our platform is used (aggregated, anonymised)
We do not sell your data. We never sell, rent, or trade your personal data to third parties for marketing purposes.
Section 4

Legal Basis for Processing

Under UK GDPR, we must have a legal basis for processing your personal data. We rely on the following:

  • Contract โ€” processing necessary to fulfil your competition entries and deliver prizes
  • Legal obligation โ€” age verification, fraud prevention, financial record-keeping
  • Legitimate interests โ€” platform security, fraud detection, service improvement
  • Consent โ€” marketing emails and SMS reminders (you can withdraw consent at any time)
Section 5

Who We Share Your Data With

We only share your data with third parties where necessary:

  • Supabase โ€” our database and authentication provider (data stored in EU/UK data centres)
  • Stripe โ€” payment processing. Stripe handles card data directly and is PCI-DSS compliant. We never see or store your full card details.
  • PayPal โ€” alternative payment processing, subject to PayPal's own privacy policy
  • SendGrid / email provider โ€” sending transactional emails (ticket numbers, receipts, draw results)
  • Law enforcement / regulators โ€” if required by law, court order, or to protect our legal rights
All third-party providers are contractually required to protect your data and only use it for the purpose we instruct.
Section 6

Cookies

We use cookies and similar technologies to keep you signed in and improve your experience. Types we use:

  • Essential cookies โ€” session management, authentication (required, cannot be disabled)
  • Analytics cookies โ€” understanding how the site is used (anonymised, opt-out available)
  • Payment cookies โ€” set by Stripe/PayPal when processing payments

You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from signing in.

Section 7

Data Retention

We retain your data for the following periods:

  • Active account data โ€” for as long as your account is open
  • Transaction records โ€” 7 years (required for UK tax and accounting purposes)
  • Draw entry records โ€” 3 years after the draw date (for transparency and dispute resolution)
  • Marketing data โ€” until you unsubscribe or withdraw consent
  • Self-exclusion records โ€” retained even after account closure to prevent re-registration during exclusion period

When you request account deletion, we remove all data not required for legal compliance within 30 days.

Section 8

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access โ€” request a copy of all data we hold about you
  • Right to rectification โ€” correct inaccurate or incomplete data
  • Right to erasure โ€” request deletion of your data ("right to be forgotten")
  • Right to restrict processing โ€” limit how we use your data
  • Right to data portability โ€” receive your data in a machine-readable format
  • Right to object โ€” object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent โ€” withdraw marketing consent at any time without affecting other processing
To exercise any of these rights, contact us at privacy@fairgamecompetitions.co.uk. We will respond within 30 days. You can also export your entry data directly from My Account at any time.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Section 9

International Data Transfers

Your data is primarily stored within the UK and European Economic Area (EEA). Where we use third-party providers based outside the UK/EEA (such as some Stripe infrastructure), we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Adequacy decisions recognised by the UK government
Section 10

Children

Our platform is strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If we discover an account belongs to a minor, it will be immediately closed and all data deleted.

We verify date of birth at registration and may request additional proof of age at any time.

Section 11

Security

We take data security seriously and implement the following measures:

  • All data transmitted over HTTPS (TLS encryption)
  • Passwords hashed using industry-standard algorithms โ€” never stored in plain text
  • Database access restricted by Row Level Security โ€” users can only access their own data
  • Payment processing handled entirely by PCI-DSS compliant providers (Stripe / PayPal) โ€” we never touch card data
  • Regular security reviews and access audits
  • Staff access to personal data limited to those who need it

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email and update the "Last updated" date at the top of this page.

Continued use of our platform after changes are published constitutes acceptance of the updated policy.

Section 13

Contact Us

For any privacy-related queries, data subject requests, or complaints:

  • Email: privacy@fairgamecompetitions.co.uk
  • Post: Data Protection Officer, Fair Game Ltd, [Address]
  • ICO (complaints): ico.org.uk / 0303 123 1113

We aim to respond to all requests within 30 days.