Privacy Policy
PrizeCart Pty Ltd – Privacy Policy
PrizeCart Pty Ltd (ABN 47 688 017 692) (“PrizeCart”, “we”, “us” or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information in the course of our business, including through our website (prizecart.app) and our promotional services such as the PrizeCart instant win promotions (“Promotion”). It also outlines your rights and how you can contact us about privacy concerns.
By interacting with PrizeCart (for example, by entering one of our promotions or using our services), you consent to the handling of your personal information as described in this Policy. We adhere to the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth).
1. What Personal Information We Collect
We only collect personal information that is reasonably necessary for our functions and activities – primarily, running trade promotions and related services. The types of personal information we may collect include: - Identification details: such as your full name, email address, phone number, date of birth, and postal or delivery address. For example, when you enter a Promotion, we will ask for your name and contact information so we can identify you and notify you if you win. We may also collect your age or date of birth to ensure you are eligible (e.g., over 18). - Transaction details: if our Promotion is linked to a purchase, we might collect information about your purchase from a participating merchant, such as the date of purchase, amount spent, order number, and store name. This helps us verify your entry and calculate your number of entries (e.g., $5 = 1 entry). - Account or login details: if you register an account on our platform or website, we may collect a username and password, and possibly social media handles if login via social network. - Promotion-specific information:depending on the contest, we might collect content you submit or any preferences you provide about prizes. - Device and usage information: when you use our website or digital platform, we automatically collect some data through cookies or similar technologies. This may include IP address, device type, browser type, browsing actions on our site, and referral URLs. This info helps us understand how users engage with our site and improve our services. (See Section 7 on Cookies). - Marketing preferences: if you opt-in to receive marketing communications, we record that consent and your preferences (e.g., email newsletter subscribed, or opted out). - Communications with us: any correspondence or inquiries you send (emails, customer support chats, phone calls) may be stored, including your contact details and the content of the communication.
We do not collect sensitive information (such as racial/ethnic origin, health information, etc.) for our promotions. We will never require such info for you to participate. If you voluntarily provide any sensitive info (for example, telling us about a health issue that might require accommodation in a prize), we will treat it as confidential and only use it for the limited purpose for which you provided it (with your consent).
2. How We Collect Personal Information
We collect personal information in several ways: - Directly from you: Most data is collected when you knowingly provide it to us. For instance, when you fill out an entry form for a Promotion, create an account, contact us via a form or email, or otherwise submit information on our website or social media. - From participating merchants: In our promotions that involve partner stores, we may receive relevant purchase information from those merchants to validate entries. For example, if you enter a PrizeCart promotion by purchasing at Merchant A’s online store, Merchant A might share your order ID and email with us so we can match it with your entry. This is done under agreements ensuring the Merchant has the right to share that data with us for the Promotion. We may also receive confirmation from merchants if a prize we issue (like a voucher) is redeemed, for record-keeping. - Automated means: When you interact with our website, certain info is collected via cookies, analytics, and server logs (IP, device, etc., as mentioned). We may use third-party analytics tools (like Google Analytics) which gather usage data on our behalf (see Section 7). - From social media or referrals: If you engage with a PrizeCart promotion through social media (for example, clicking a Facebook ad or using a social login feature), we might receive your social media public profile info that you’ve agreed to share (like name, email from Facebook if you used it to log in). Also, if a friend refers you to our promotion via a referral link, we might record that referral relationship (who referred whom). - Through cookies and tracking technologies: As noted, our site uses cookies for functionality (like keeping you logged in) and for analyzing web traffic. These might also track when you’ve seen or clicked on an ad or promotion announcement of ours (so we measure campaign effectiveness).
If you choose not to provide certain personal information (e.g., you leave required fields blank on an entry form), you may not be able to participate in the promotion or receive a prize, or we may not be able to respond to your inquiry fully. We will always make clear what information is required versus optional.
3. Purpose of Collection – How We Use Personal Information
We use the personal information we collect for the following purposes: - Conducting Promotions and Contests: This is our primary purpose. We use entrant information to: - register and administer your entry (e.g., confirming you meet eligibility criteria); - allocate entries or chances to you based on your actions (like purchases); - run the random draw or instant win algorithms (which may involve associating your entry with a random outcome); - contact you if you are a winner or otherwise need to be notified (winner notification letters/emails, requesting further details for prize delivery); - verify your identity and entry (which might include using data from merchants or requesting proof like ID or receipt scans if needed to ensure fairness and prevent fraud); - deliver prizes to you (for instance, if you win, we need your address to send a parcel, or we email digital gift codes); - publish winner announcements (we may use your name/initials and state as required by law in winner lists – see Section 5 on Disclosure). - comply with legal requirements of promotional lotteries (like keeping a record of all entries and prizes, and providing reports to regulators if asked). - Providing our Services: If you have an account with us or use our platform regularly, we use your info to maintain your account, authenticate you at login, and personalize your experience (for example, remembering past promotions you participated in). - Customer Support and Communication: If you contact us with questions, feedback or complaints, we use your provided info to respond and help resolve issues. We might also proactively reach out to entrants to provide important updates about a promotion (e.g., if a prize draw date changed, or reminding winners to claim prizes). - Marketing (with consent): If you have consented (opted-in) to receive marketing communications from us, we will use your contact details to send you newsletters, updates on new promotions, special offers, or related products/services that may interest you. We might tailor these communications based on your participation history (for example, if you often enter tech gadget giveaways, we might send you news about similar upcoming promotions). You can opt-out at any time (see Section 6). - Promotional Analytics and Improvement: We use data (mostly aggregated or de-identified where possible) to analyze the effectiveness of our promotions and our platform. For example, we examine how many people enter from each merchant, at what times entries spike, which prizes are most popular, etc. We also track website usage data to improve site functionality and user experience (like detecting broken links or slow pages, or seeing what info pages entrants visit most so we can make those clearer). - Fraud Detection and Security: We may use personal info and technical data to monitor for any suspicious or fraudulent activity. For instance, we might detect if one person is creating multiple fake accounts or entries – we would analyze usage and entry patterns and IP addresses for that. If necessary, we may use that information to disqualify entries per our terms and to protect the integrity of our promotions. We also keep logs to investigate any attempted hacking or denial-of-service attacks and may share relevant info with cybersecurity consultants or law enforcement. - Legal Compliance: We might process your information where necessary to comply with legal obligations. For example: - Keeping records of all entries and winners for a certain period as required by state regulations (some states require records to be kept for several years[106]). - Responding to requests from regulatory authorities – e.g., if a state gambling regulator asks for winner details or proof of prize awarding, we will use and possibly disclose the data for that purpose. - Handling any legal claims – if there’s a legal dispute or inquiry involving you (like if you claim a prize was not delivered), we will use relevant data to address the issue (including in court or dispute resolution if it came to that).
We generally will not use your personal information for purposes other than those above without your consent, unless allowed or required by law. If we ever need to use information in a new way, we’ll update this Policy and, if required, seek your consent.
4. Disclosure of Personal Information
PrizeCart respects the confidentiality of your personal info and will disclose it only in certain situations. The parties or entities we may share information with are: - Promotion Partners (Participating Merchants): We may share with a participating merchant the list of their customers who entered via that merchant’s store, or prize redemption info if needed for them to honor something. For example, if you win a discount code or free item at Merchant’s store, we might inform that Merchant of your name or a unique code so they can validate it when you redeem. However, we do not generally give merchants our full entrant list or your contact info for their own marketing without your consent. If a Merchant requests confirmation of a particular entry (say to verify a suspicious transaction), we might confirm minimal necessary data. All participating merchants are bound by either our contractual terms or their own privacy obligations to not misuse data we share. - Prize Fulfillment and Delivery Providers: For physical prizes, we may share your name and address with a courier or postal service to deliver the item. For digital prizes provided by third parties (e.g., a gift card from an outside retailer), we may need to share your details with that third party to arrange issuance of the prize in your name. If a prize is provided directly by a sponsor (not common, but e.g., if a sponsor ships the prize to winner), we will share winner’s info with that sponsor only as needed to deliver the prize, and we will ensure they agree to use it solely for that purpose. - Service Providers (Data Processors): We use third-party companies to help us operate our business and the Promotion. These include: - IT and Hosting providers: companies that host our website, databases, and servers (which might include cloud services like AWS or Azure, etc.). They may store your data on their servers but can only process it per our instructions. - Email/SMS delivery services: to send out bulk notifications or winner emails, we may use services like MailChimp, SendGrid, or similar. They would have access to your email and name to send messages on our behalf. - Analytics services: Google Analytics or others may process usage data (IP, device info) as described above to provide usinsights. This may involve data going overseas (Google’s servers, etc., see Section 8 on overseas). - Customer support tools: if we use a CRM or helpdesk software, the information you provide in support queries might go through that tool. - Independent Scrutineer or Auditor: For regulatory compliance, we might engage an independent scrutineer (like a CPA or Justice of Peace) to audit the draw. They might see entrant names or winner names as part of verifying correct procedures. They are typically bound by confidentiality or professional obligations. - Marketing and Ad partners: If you have consented to marketing, we might use a marketing platform that manages our contact list and campaigns. Also, if we run targeted ads (e.g., on Facebook), we might provide hashed email addresses to the platform to create custom audiences (only if legally allowed and with consents). - These service providers are not allowed to use your information for their own purposes and are bound by contracts to handle data securely and confidentially. - Regulatory and Legal Authorities:We may disclose personal information when required by law or regulation, or when we believe in good faith that such disclosure is necessary to: - Comply with legal processes: e.g., responding to a court order, subpoena, or a lawful request by a government authority. - Comply with permit conditions: some permits (especially ACT/SA) might require us to submit a list of winners to the authority or allow inspection of records. We will comply with those obligations, which could involve disclosing info like winner’s name and prize to the regulator. - Enforce our terms or protect rights: if a participant is suspected of fraud or other unlawful activity in connection with our promotion, we might share relevant info with law enforcement or legal counsel to address the matter. Also, if necessary to protect and defend the rights, property, or safety of PrizeCart, our customers, or the public, we may disclose information (for example, providing evidence of attempted fraud to police). - Affiliated Companies: Currently, PrizeCart Pty Ltd is a single entity. If in the future PrizeCart forms subsidiaries, or is part of a group of related companies, we might share data within that corporate group as needed for the same purposes in this Policy. All group members would abide by this Policy. - Business Transfers: If PrizeCart is involved in a merger, acquisition, sale of assets, or any corporate reorganization, your personal information may be transferred to the new entity as part of that deal. We would ensure the new owner has to respect privacy in line with this Policy. We would notify users (for example, via a notice on our website or email) if a transfer affects how their data is handled or who is controlling it.
We do not sell your personal information to third parties for their own marketing use without your explicit consent. We may share de-identified or aggregated data (which can’t reasonably identify you) publicly or with partners – e.g., “20% of entrants were from Victoria” or “We had 10,000 entries in this campaign” – that kind of statistical info which does not contain personal details.
5. Disclosure of Winners Information
As part of running regulated promotions, we often must publish limited personal details of winners. For example: - For major prizes, we may need to publish the winner’s first initial, last name, and suburb or state on our website or in a newspaper within a certain time[93][13]. We will do this as required by each state’s regulations (and as outlined in the Promotion Terms & Conditions). - We might also announce winners (with their consent) on our social media pages or website, as part of promotion results. Typically we use minimal identifying info (e.g., “Congratulations to Jane D. from Brisbane!”). - By entering our promotions, you acknowledge that if you win, we may disclose your name in winner announcements as required by law or permitted by the promotion rules. We will not disclose personal information beyond what is necessary (we won’t publish your full address or contact info). - If you have specific concerns about your name being published, you can contact us. In some cases, regulators can grant exemptions for name publication (for instance, for safety reasons). We’ll handle such requests case by case, but we must follow the law.
6. Your Rights and Choices
- Access and Correction: You have the right to request access to personal information we hold about you. You also have the right to request corrections if any of that information is inaccurate, out-of-date, or incomplete. You can do this by contacting us (see Section 9). We will require verification of identity to release personal data (so we don’t accidentally give your info to someone else). We will respond to access requests within a reasonable period (usually 30 days). In some cases, we might not be able to provide full access (e.g., if it involves disclosing someone else’s personal info or if it’s subject to legal privilege), but we’ll explain the reasons. - If you have an online account with us, you may also log in and view or update basic information yourself (like updating your contact email, etc.). - For correction requests, if we agree the info is wrong, we will correct it and confirm to you. If we disagree (rare, e.g., you might say “I actually won that prize, not someone else” and records show otherwise), we’ll let you know and you can provide a statement which we’ll keep with the record noting your claim. - Opt-Out of Marketing: If you have subscribed to our marketing communications, you can opt-out at any time. Each marketing email will have an “Unsubscribe” link at the bottom – clicking that will remove you from future promotional mailings. You can also contact us directly to request removal. Note that transactional or operational emails (like winner notifications or account-related messages) are not subject to opt-out as they are not marketing – we only send those when necessary for service. - Withdraw Participation: If at any point you decide you no longer want to be part of a promotion (prior to its conclusion), you can contact us to withdraw your entry. Keep in mind if you withdraw, you forfeit any chance to win and any prizes not yet claimed. Also, if a permit requires us to keep entry records, we might archive your info rather than fully deleteuntil legally allowed, but we will mark you as withdrawn. - Deletion: You may request that we delete personal information we hold about you. This is often called the “right to erasure” or “right to be forgotten”. Note that this right is not absolute under Australian law, but we will honor deletion requests to the extent we can: - If you request deletion after a promotion has ended and your data is no longer needed, we will take reasonable steps to de-identify or destroy it if feasible. - If your data is still required for an ongoing promotion or by law (e.g., record-keeping requirements or if you were a winner, we might need to retain your info for audit/tax purposes), we may not immediately delete it. We’ll communicate with you about what can be deleted and what must be retained. - We may also retain certain minimal info to ensure we don’t inadvertently contact you again (e.g., keeping your email on a suppression list if you opted out). - Cookies and Tracking Controls: You can control cookies through your browser settings. You can usually configure your browser to reject some or all cookies, or to alert you when cookies are being used. However, rejecting cookies might affect our site functionality (like you may not be able to remain logged in, etc.). For analytics opt-out, Google provides a tool (the Google Analytics Opt-out Browser Add-on) if you don’t want to be tracked by Google Analytics on any site. - Anonymity/Pseudonymity: You have the option of not identifying yourself or using a pseudonym in certain interactions with us (for example, you could email customer support just signing as “John” without providing full details). However, for many of our services, especially entering promotions, it is impractical for us to serve you without certain personal details. For instance, we cannot award a prize to an anonymous entrant, and permits often require full names of winners. So while we respect anonymity in general inquiries, to actually enter and win, you will need to provide real identifying info. - Complaints: If you believe we have breached your privacy rights or the APPs, you have the right to make a complaint (see Section 9 on how we handle that).
We will never discriminate against you or deny you a service just because you exercised a privacy right. However, as noted, if you don’t allow us to use certain info, we might not be able to include you in a promotion (that’s a consequence of the service, not discrimination).
7. Cookies and Online Tracking
We use cookies and similar technologies on our website to enhance user experience and for analytics/advertising. Here’s more detail: - What are cookies? Cookies are small text files that a website saves on your device when you visit. They allow the site to remember your actions and preferences over a period of time. - Types of cookies we use: - Essential cookies: These are necessary for our site’s operation. For example, session cookies that keep you logged in as you navigate between pages, or that remember your promotion entries in a cart before submission. - Analytics cookies: These track aggregate site usage. For example, Google Analytics cookies track pages visited, time spent, referring sites, etc., but do not personally identify you to us. We use this information to understand traffic patterns and improve site content and layout. - Functionality cookies: These remember choices you made to give you better, more personalized features. E.g., maybe remembering your region or that you closed a pop-up so it doesn’t show again. - Advertising cookies: We don’t have third-party ads on our site, but we may use tracking cookies for our own marketing. For instance, a Facebook Pixel or Google Ads cookie might be present so that if you visited our site, we canlater show you our promotion ads on those platforms (a practice called retargeting). These cookies generally identify your browser or device, not you personally by name. - Third-Party Cookies: As mentioned, we might use third-party services that set cookies (e.g., Google, Facebook). They may also use those cookies for their own purposes according to their privacy policies. You can usually opt-out of targeted advertising via those platforms’ settings (e.g., Google’s Ads Settings, Facebook’s Ad preferences). - Managing Cookies: You can manage or delete cookies at your will. Most browsers allow you to refuse new cookies, delete existing ones, or notify you when new ones are set. Please refer to your browser’s help documentation. If you block all cookies from our site, some features might not function (like the login or entry form). - Do Not Track: Some browsers offer a “Do Not Track” (DNT) setting. At this time, our site does not respond to DNT signals in a uniform way, because there is not a consistent industry standard for compliance. We will treat DNT signals as if you have opted out of cookie-based tracking where feasible (for instance, we can ensure not to use your visits for retargeting ads if we detect DNT), but generally, the cookies will operate as described unless you disable them.
8. Cross-Border Disclosure
PrizeCart operates in Australia and our primary data storage is in Australia. However, some of our service providers or partners are located overseas or use global cloud infrastructure. This means personal information may be transferred to or accessible from other countries, including (but not limited to) the United States (where companies like Google, Facebook, Mailchimp, etc., have servers), the European Union, or Asia-Pacific regions (if we use any Asia-Pacific data centers).
When we transfer personal data outside of Australia, we take steps to ensure it remains protected. These steps include: - Only using reputable service providers who have robust security measures and, where possible, are subject to privacy regimes that are similar toAustralia’s or are certified under frameworks like the EU Standard Contractual Clauses or the APEC Cross-Border Privacy Rules. - Contractually obliging foreign recipients to handle the information in accordance with our instructions and this Privacy Policy, and to use it only for the purpose it was provided. - For example: - Google Analytics data may be processed on Google’s global servers, possibly in the USA or elsewhere. Google is bound by its privacy and security commitments under its terms with us. - If we email via Mailchimp (US-based), they have Standard Contractual Clauses in place and are experienced with privacy compliance. - Cloud hosting (if on AWS, for instance) might replicate data in multiple regions for backup, but AWS has a strong security and privacy compliance program.
By providing us with your personal information or entering our promotions, you consent to the possibility of such international transfers. We will not transfer your personal information to a foreign entity if it is known to be legally prohibited from protecting it (i.e., we won’t knowingly send your info to a country with no privacy law and an entity that won’t safeguard it). If you have concerns about particular overseas locations, please contact us for more information.
9. How We Protect Personal Information
PrizeCart takes the security of your data seriously. We implement a variety of administrative, technical, and physical safeguards to protect the personal information we hold against loss, theft, and unauthorized access, use, modification, or disclosure. These measures include: - Access Controls: Personal information is stored in secure systems that are password-protected and accessible only by authorized personnel who require access to perform their duties (e.g., our promotion management team, IT administrators). We follow the principle of least privilege – staff only get access to the data they absolutely need. - Encryption: Our website has SSL/TLS encryption (HTTPS) to protect data in transit between your browser and our server (so entry forms and login credentials are encrypted during transmission). Sensitive fields (like passwords) are hashed/encrypted in our database. For certain high-risk data (e.g., if we ever collected ID scans or bank details for prize distribution), we would encrypt those at rest. - Firewalls and Security Monitoring: Our servers are protected by firewalls. We employ anti-malware tools and intrusion detection systems to monitor for suspicious activities. We keep software and platforms updated with security patches. - Anonymization/De-identification: Where possible, we de-identify data that we don’t need in personal form. For example, after a promotion, we might strip names/emails from entry data and just keep aggregated stats. When using data for analytics or trend analysis, we use anonymized datasets. - Physical Security: If any personal info is stored in physical form (like paper winner declarations or permit paperwork), it is kept in a secure location (locked cabinets in a restricted office area). Our offices also have controlled access. - Training and Policies: Our staff are trained on privacy obligations and how to handle personal data properly. We have internal policies on data protection and require any new team members to agree to confidentiality. - Data Retention: We do not keep personal data longer than necessary for our business and legal requirements. When personal info is no longer needed, we securely destroy or de-identify it. For example, entrant data from a promotion may be deleted a certain time after the promotion ends (taking into account things like statute of limitations for any legal claims or permit audit time frames). Winner information might be retained longer if required for tax or regulatory reasons. - Incident Response: Despite best efforts, no system is completely foolproof. We have a data breach response plan. If we suspect or become aware of a data breach that is likely to result in serious harm, we will promptly investigate and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under the Privacy Act. This includes detailing what data was involved, the likely consequences, and the steps we are taking to mitigate harm and prevent recurrence.
While we strive to protect your information, it’s important for you as well to take precautions. Please keep your account credentials confidential and notify us immediately if you suspect any unauthorized use of your account or a potential security issue. We will never ask you for your password via email or phone – be cautious of phishing attempts.
10. Links to Other Websites
Our website or communications might contain links to third-party websites (for example, a sponsor’s site, or social media pages). Please note that those websites are not controlled by PrizeCart and have their own privacy policies. We are not responsible for the content or privacy practices of external sites. If you click on an external link, we encourage you to read that site’s privacy policy to understand how they will handle your data. This Privacy Policy applies solely to personal info collected by PrizeCart.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will notify users by posting a prominent notice on our website or, if appropriate, by sending an email notification. The “last updated” date at the top will be revised accordingly. We encourage you to review this page periodically to stay informed about how we are protecting your information. By continuing to use our services or participate in our promotions after any changes take effect, you will be deemed to have accepted the revised policy.
12. Contact Us and Privacy Complaints
If you: - have any questions or comments about this Privacy Policy or how we handle your information, - want to access or correct your personal info we hold, - wish to opt out of marketing or make a data-related request, - or have a concern or complaint about your privacy (e.g., you believe we have breached the APPs or mishandled your data),
please contact our Privacy Officer:
Email: support@prizecart.app
We take privacy complaints seriously. If you lodge a complaint: - We will acknowledge your complaint within 5 business days. - Our Privacy Officer (or delegate) will investigate the matter by reviewing our relevant records and speaking with the concerned teams. - We may contact you to request more details or clarification if needed. - We aim to provide a written response within 30 days of receiving the complaint, outlining the outcome of our investigation and any actions we will take to address the issue. If we need more time (due to complexity), we will inform you of the delay and reason. - If a breach is confirmed, we will take prompt steps to rectify it and prevent reoccurrence (such as improving procedures or training). We will also inform you of measures taken.
If you are not satisfied with our response to a privacy issue or complaint, you have the right to escalate the matter to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted via: - Website: www.oaic.gov.au (which has an online privacy complaint form) - Phone: 1300 363 992 - Email: enquiries@oaic.gov.au
We would appreciate the chance to resolve your concerns first, but you may contact the OAIC at any time.
Thank you for taking the time to read our Privacy Policy. We value your trust and strive to protect your personal information.
Privacy Policy
PrizeCart Pty Ltd – Privacy Policy
PrizeCart Pty Ltd (ABN 47 688 017 692) (“PrizeCart”, “we”, “us” or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information in the course of our business, including through our website (prizecart.app) and our promotional services such as the PrizeCart instant win promotions (“Promotion”). It also outlines your rights and how you can contact us about privacy concerns.By interacting with PrizeCart (for example, by entering one of our promotions or using our services), you consent to the handling of your personal information as described in this Policy. We adhere to the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth).
1. What Personal Information We Collect
We only collect personal information that is reasonably necessary for our functions and activities – primarily, running trade promotions and related services. The types of personal information we may collect include: - Identification details: such as your full name, email address, phone number, date of birth, and postal or delivery address. For example, when you enter a Promotion, we will ask for your name and contact information so we can identify you and notify you if you win. We may also collect your age or date of birth to ensure you are eligible (e.g., over 18). - Transaction details: if our Promotion is linked to a purchase, we might collect information about your purchase from a participating merchant, such as the date of purchase, amount spent, order number, and store name. This helps us verify your entry and calculate your number of entries (e.g., $5 = 1 entry). - Account or login details: if you register an account on our platform or website, we may collect a username and password, and possibly social media handles if login via social network. - Promotion-specific information:depending on the contest, we might collect content you submit or any preferences you provide about prizes. - Device and usage information: when you use our website or digital platform, we automatically collect some data through cookies or similar technologies. This may include IP address, device type, browser type, browsing actions on our site, and referral URLs. This info helps us understand how users engage with our site and improve our services. (See Section 7 on Cookies). - Marketing preferences: if you opt-in to receive marketing communications, we record that consent and your preferences (e.g., email newsletter subscribed, or opted out). - Communications with us: any correspondence or inquiries you send (emails, customer support chats, phone calls) may be stored, including your contact details and the content of the communication.We do not collect sensitive information (such as racial/ethnic origin, health information, etc.) for our promotions. We will never require such info for you to participate. If you voluntarily provide any sensitive info (for example, telling us about a health issue that might require accommodation in a prize), we will treat it as confidential and only use it for the limited purpose for which you provided it (with your consent).2. How We Collect Personal Information
We collect personal information in several ways: - Directly from you: Most data is collected when you knowingly provide it to us. For instance, when you fill out an entry form for a Promotion, create an account, contact us via a form or email, or otherwise submit information on our website or social media. - From participating merchants: In our promotions that involve partner stores, we may receive relevant purchase information from those merchants to validate entries. For example, if you enter a PrizeCart promotion by purchasing at Merchant A’s online store, Merchant A might share your order ID and email with us so we can match it with your entry. This is done under agreements ensuring the Merchant has the right to share that data with us for the Promotion. We may also receive confirmation from merchants if a prize we issue (like a voucher) is redeemed, for record-keeping. - Automated means: When you interact with our website, certain info is collected via cookies, analytics, and server logs (IP, device, etc., as mentioned). We may use third-party analytics tools (like Google Analytics) which gather usage data on our behalf (see Section 7). - From social media or referrals: If you engage with a PrizeCart promotion through social media (for example, clicking a Facebook ad or using a social login feature), we might receive your social media public profile info that you’ve agreed to share (like name, email from Facebook if you used it to log in). Also, if a friend refers you to our promotion via a referral link, we might record that referral relationship (who referred whom). - Through cookies and tracking technologies: As noted, our site uses cookies for functionality (like keeping you logged in) and for analyzing web traffic. These might also track when you’ve seen or clicked on an ad or promotion announcement of ours (so we measure campaign effectiveness).If you choose not to provide certain personal information (e.g., you leave required fields blank on an entry form), you may not be able to participate in the promotion or receive a prize, or we may not be able to respond to your inquiry fully. We will always make clear what information is required versus optional.
3. Purpose of Collection – How We Use Personal Information
We use the personal information we collect for the following purposes: - Conducting Promotions and Contests: This is our primary purpose. We use entrant information to: - register and administer your entry (e.g., confirming you meet eligibility criteria); - allocate entries or chances to you based on your actions (like purchases); - run the random draw or instant win algorithms (which may involve associating your entry with a random outcome); - contact you if you are a winner or otherwise need to be notified (winner notification letters/emails, requesting further details for prize delivery); - verify your identity and entry (which might include using data from merchants or requesting proof like ID or receipt scans if needed to ensure fairness and prevent fraud); - deliver prizes to you (for instance, if you win, we need your address to send a parcel, or we email digital gift codes); - publish winner announcements (we may use your name/initials and state as required by law in winner lists – see Section 5 on Disclosure). - comply with legal requirements of promotional lotteries (like keeping a record of all entries and prizes, and providing reports to regulators if asked). - Providing our Services: If you have an account with us or use our platform regularly, we use your info to maintain your account, authenticate you at login, and personalize your experience (for example, remembering past promotions you participated in). - Customer Support and Communication: If you contact us with questions, feedback or complaints, we use your provided info to respond and help resolve issues. We might also proactively reach out to entrants to provide important updates about a promotion (e.g., if a prize draw date changed, or reminding winners to claim prizes). - Marketing (with consent): If you have consented (opted-in) to receive marketing communications from us, we will use your contact details to send you newsletters, updates on new promotions, special offers, or related products/services that may interest you. We might tailor these communications based on your participation history (for example, if you often enter tech gadget giveaways, we might send you news about similar upcoming promotions). You can opt-out at any time (see Section 6). - Promotional Analytics and Improvement: We use data (mostly aggregated or de-identified where possible) to analyze the effectiveness of our promotions and our platform. For example, we examine how many people enter from each merchant, at what times entries spike, which prizes are most popular, etc. We also track website usage data to improve site functionality and user experience (like detecting broken links or slow pages, or seeing what info pages entrants visit most so we can make those clearer). - Fraud Detection and Security: We may use personal info and technical data to monitor for any suspicious or fraudulent activity. For instance, we might detect if one person is creating multiple fake accounts or entries – we would analyze usage and entry patterns and IP addresses for that. If necessary, we may use that information to disqualify entries per our terms and to protect the integrity of our promotions. We also keep logs to investigate any attempted hacking or denial-of-service attacks and may share relevant info with cybersecurity consultants or law enforcement. - Legal Compliance: We might process your information where necessary to comply with legal obligations. For example: - Keeping records of all entries and winners for a certain period as required by state regulations (some states require records to be kept for several years[106]). - Responding to requests from regulatory authorities – e.g., if a state gambling regulator asks for winner details or proof of prize awarding, we will use and possibly disclose the data for that purpose. - Handling any legal claims – if there’s a legal dispute or inquiry involving you (like if you claim a prize was not delivered), we will use relevant data to address the issue (including in court or dispute resolution if it came to that).We generally will not use your personal information for purposes other than those above without your consent, unless allowed or required by law. If we ever need to use information in a new way, we’ll update this Policy and, if required, seek your consent.
4. Disclosure of Personal Information
PrizeCart respects the confidentiality of your personal info and will disclose it only in certain situations. The parties or entities we may share information with are: - Promotion Partners (Participating Merchants): We may share with a participating merchant the list of their customers who entered via that merchant’s store, or prize redemption info if needed for them to honor something. For example, if you win a discount code or free item at Merchant’s store, we might inform that Merchant of your name or a unique code so they can validate it when you redeem. However, we do not generally give merchants our full entrant list or your contact info for their own marketing without your consent. If a Merchant requests confirmation of a particular entry (say to verify a suspicious transaction), we might confirm minimal necessary data. All participating merchants are bound by either our contractual terms or their own privacy obligations to not misuse data we share. - Prize Fulfillment and Delivery Providers: For physical prizes, we may share your name and address with a courier or postal service to deliver the item. For digital prizes provided by third parties (e.g., a gift card from an outside retailer), we may need to share your details with that third party to arrange issuance of the prize in your name. If a prize is provided directly by a sponsor (not common, but e.g., if a sponsor ships the prize to winner), we will share winner’s info with that sponsor only as needed to deliver the prize, and we will ensure they agree to use it solely for that purpose. - Service Providers (Data Processors): We use third-party companies to help us operate our business and the Promotion. These include: - IT and Hosting providers: companies that host our website, databases, and servers (which might include cloud services like AWS or Azure, etc.). They may store your data on their servers but can only process it per our instructions. - Email/SMS delivery services: to send out bulk notifications or winner emails, we may use services like MailChimp, SendGrid, or similar. They would have access to your email and name to send messages on our behalf. - Analytics services: Google Analytics or others may process usage data (IP, device info) as described above to provide usinsights. This may involve data going overseas (Google’s servers, etc., see Section 8 on overseas). - Customer support tools: if we use a CRM or helpdesk software, the information you provide in support queries might go through that tool. - Independent Scrutineer or Auditor: For regulatory compliance, we might engage an independent scrutineer (like a CPA or Justice of Peace) to audit the draw. They might see entrant names or winner names as part of verifying correct procedures. They are typically bound by confidentiality or professional obligations. - Marketing and Ad partners: If you have consented to marketing, we might use a marketing platform that manages our contact list and campaigns. Also, if we run targeted ads (e.g., on Facebook), we might provide hashed email addresses to the platform to create custom audiences (only if legally allowed and with consents). - These service providers are not allowed to use your information for their own purposes and are bound by contracts to handle data securely and confidentially. - Regulatory and Legal Authorities:We may disclose personal information when required by law or regulation, or when we believe in good faith that such disclosure is necessary to: - Comply with legal processes: e.g., responding to a court order, subpoena, or a lawful request by a government authority. - Comply with permit conditions: some permits (especially ACT/SA) might require us to submit a list of winners to the authority or allow inspection of records. We will comply with those obligations, which could involve disclosing info like winner’s name and prize to the regulator. - Enforce our terms or protect rights: if a participant is suspected of fraud or other unlawful activity in connection with our promotion, we might share relevant info with law enforcement or legal counsel to address the matter. Also, if necessary to protect and defend the rights, property, or safety of PrizeCart, our customers, or the public, we may disclose information (for example, providing evidence of attempted fraud to police). - Affiliated Companies: Currently, PrizeCart Pty Ltd is a single entity. If in the future PrizeCart forms subsidiaries, or is part of a group of related companies, we might share data within that corporate group as needed for the same purposes in this Policy. All group members would abide by this Policy. - Business Transfers: If PrizeCart is involved in a merger, acquisition, sale of assets, or any corporate reorganization, your personal information may be transferred to the new entity as part of that deal. We would ensure the new owner has to respect privacy in line with this Policy. We would notify users (for example, via a notice on our website or email) if a transfer affects how their data is handled or who is controlling it.We do not sell your personal information to third parties for their own marketing use without your explicit consent. We may share de-identified or aggregated data (which can’t reasonably identify you) publicly or with partners – e.g., “20% of entrants were from Victoria” or “We had 10,000 entries in this campaign” – that kind of statistical info which does not contain personal details.
5. Disclosure of Winners Information
As part of running regulated promotions, we often must publish limited personal details of winners. For example: - For major prizes, we may need to publish the winner’s first initial, last name, and suburb or state on our website or in a newspaper within a certain time[93][13]. We will do this as required by each state’s regulations (and as outlined in the Promotion Terms & Conditions). - We might also announce winners (with their consent) on our social media pages or website, as part of promotion results. Typically we use minimal identifying info (e.g., “Congratulations to Jane D. from Brisbane!”). - By entering our promotions, you acknowledge that if you win, we may disclose your name in winner announcements as required by law or permitted by the promotion rules. We will not disclose personal information beyond what is necessary (we won’t publish your full address or contact info). - If you have specific concerns about your name being published, you can contact us. In some cases, regulators can grant exemptions for name publication (for instance, for safety reasons). We’ll handle such requests case by case, but we must follow the law.
6. Your Rights and Choices
- Access and Correction: You have the right to request access to personal information we hold about you. You also have the right to request corrections if any of that information is inaccurate, out-of-date, or incomplete. You can do this by contacting us (see Section 9). We will require verification of identity to release personal data (so we don’t accidentally give your info to someone else). We will respond to access requests within a reasonable period (usually 30 days). In some cases, we might not be able to provide full access (e.g., if it involves disclosing someone else’s personal info or if it’s subject to legal privilege), but we’ll explain the reasons. - If you have an online account with us, you may also log in and view or update basic information yourself (like updating your contact email, etc.). - For correction requests, if we agree the info is wrong, we will correct it and confirm to you. If we disagree (rare, e.g., you might say “I actually won that prize, not someone else” and records show otherwise), we’ll let you know and you can provide a statement which we’ll keep with the record noting your claim. - Opt-Out of Marketing: If you have subscribed to our marketing communications, you can opt-out at any time. Each marketing email will have an “Unsubscribe” link at the bottom – clicking that will remove you from future promotional mailings. You can also contact us directly to request removal. Note that transactional or operational emails (like winner notifications or account-related messages) are not subject to opt-out as they are not marketing – we only send those when necessary for service. - Withdraw Participation: If at any point you decide you no longer want to be part of a promotion (prior to its conclusion), you can contact us to withdraw your entry. Keep in mind if you withdraw, you forfeit any chance to win and any prizes not yet claimed. Also, if a permit requires us to keep entry records, we might archive your info rather than fully deleteuntil legally allowed, but we will mark you as withdrawn. - Deletion: You may request that we delete personal information we hold about you. This is often called the “right to erasure” or “right to be forgotten”. Note that this right is not absolute under Australian law, but we will honor deletion requests to the extent we can: - If you request deletion after a promotion has ended and your data is no longer needed, we will take reasonable steps to de-identify or destroy it if feasible. - If your data is still required for an ongoing promotion or by law (e.g., record-keeping requirements or if you were a winner, we might need to retain your info for audit/tax purposes), we may not immediately delete it. We’ll communicate with you about what can be deleted and what must be retained. - We may also retain certain minimal info to ensure we don’t inadvertently contact you again (e.g., keeping your email on a suppression list if you opted out). - Cookies and Tracking Controls: You can control cookies through your browser settings. You can usually configure your browser to reject some or all cookies, or to alert you when cookies are being used. However, rejecting cookies might affect our site functionality (like you may not be able to remain logged in, etc.). For analytics opt-out, Google provides a tool (the Google Analytics Opt-out Browser Add-on) if you don’t want to be tracked by Google Analytics on any site. - Anonymity/Pseudonymity: You have the option of not identifying yourself or using a pseudonym in certain interactions with us (for example, you could email customer support just signing as “John” without providing full details). However, for many of our services, especially entering promotions, it is impractical for us to serve you without certain personal details. For instance, we cannot award a prize to an anonymous entrant, and permits often require full names of winners. So while we respect anonymity in general inquiries, to actually enter and win, you will need to provide real identifying info. - Complaints: If you believe we have breached your privacy rights or the APPs, you have the right to make a complaint (see Section 9 on how we handle that).We will never discriminate against you or deny you a service just because you exercised a privacy right. However, as noted, if you don’t allow us to use certain info, we might not be able to include you in a promotion (that’s a consequence of the service, not discrimination).
7. Cookies and Online Tracking
We use cookies and similar technologies on our website to enhance user experience and for analytics/advertising. Here’s more detail: - What are cookies? Cookies are small text files that a website saves on your device when you visit. They allow the site to remember your actions and preferences over a period of time. - Types of cookies we use: - Essential cookies: These are necessary for our site’s operation. For example, session cookies that keep you logged in as you navigate between pages, or that remember your promotion entries in a cart before submission. - Analytics cookies: These track aggregate site usage. For example, Google Analytics cookies track pages visited, time spent, referring sites, etc., but do not personally identify you to us. We use this information to understand traffic patterns and improve site content and layout. - Functionality cookies: These remember choices you made to give you better, more personalized features. E.g., maybe remembering your region or that you closed a pop-up so it doesn’t show again. - Advertising cookies: We don’t have third-party ads on our site, but we may use tracking cookies for our own marketing. For instance, a Facebook Pixel or Google Ads cookie might be present so that if you visited our site, we canlater show you our promotion ads on those platforms (a practice called retargeting). These cookies generally identify your browser or device, not you personally by name. - Third-Party Cookies: As mentioned, we might use third-party services that set cookies (e.g., Google, Facebook). They may also use those cookies for their own purposes according to their privacy policies. You can usually opt-out of targeted advertising via those platforms’ settings (e.g., Google’s Ads Settings, Facebook’s Ad preferences). - Managing Cookies: You can manage or delete cookies at your will. Most browsers allow you to refuse new cookies, delete existing ones, or notify you when new ones are set. Please refer to your browser’s help documentation. If you block all cookies from our site, some features might not function (like the login or entry form). - Do Not Track: Some browsers offer a “Do Not Track” (DNT) setting. At this time, our site does not respond to DNT signals in a uniform way, because there is not a consistent industry standard for compliance. We will treat DNT signals as if you have opted out of cookie-based tracking where feasible (for instance, we can ensure not to use your visits for retargeting ads if we detect DNT), but generally, the cookies will operate as described unless you disable them.
8. Cross-Border Disclosure
PrizeCart operates in Australia and our primary data storage is in Australia. However, some of our service providers or partners are located overseas or use global cloud infrastructure. This means personal information may be transferred to or accessible from other countries, including (but not limited to) the United States (where companies like Google, Facebook, Mailchimp, etc., have servers), the European Union, or Asia-Pacific regions (if we use any Asia-Pacific data centers).When we transfer personal data outside of Australia, we take steps to ensure it remains protected. These steps include: - Only using reputable service providers who have robust security measures and, where possible, are subject to privacy regimes that are similar toAustralia’s or are certified under frameworks like the EU Standard Contractual Clauses or the APEC Cross-Border Privacy Rules. - Contractually obliging foreign recipients to handle the information in accordance with our instructions and this Privacy Policy, and to use it only for the purpose it was provided. - For example: - Google Analytics data may be processed on Google’s global servers, possibly in the USA or elsewhere. Google is bound by its privacy and security commitments under its terms with us. - If we email via Mailchimp (US-based), they have Standard Contractual Clauses in place and are experienced with privacy compliance. - Cloud hosting (if on AWS, for instance) might replicate data in multiple regions for backup, but AWS has a strong security and privacy compliance program.By providing us with your personal information or entering our promotions, you consent to the possibility of such international transfers. We will not transfer your personal information to a foreign entity if it is known to be legally prohibited from protecting it (i.e., we won’t knowingly send your info to a country with no privacy law and an entity that won’t safeguard it). If you have concerns about particular overseas locations, please contact us for more information.
9. How We Protect Personal Information
PrizeCart takes the security of your data seriously. We implement a variety of administrative, technical, and physical safeguards to protect the personal information we hold against loss, theft, and unauthorized access, use, modification, or disclosure. These measures include: - Access Controls: Personal information is stored in secure systems that are password-protected and accessible only by authorized personnel who require access to perform their duties (e.g., our promotion management team, IT administrators). We follow the principle of least privilege – staff only get access to the data they absolutely need. - Encryption: Our website has SSL/TLS encryption (HTTPS) to protect data in transit between your browser and our server (so entry forms and login credentials are encrypted during transmission). Sensitive fields (like passwords) are hashed/encrypted in our database. For certain high-risk data (e.g., if we ever collected ID scans or bank details for prize distribution), we would encrypt those at rest. - Firewalls and Security Monitoring: Our servers are protected by firewalls. We employ anti-malware tools and intrusion detection systems to monitor for suspicious activities. We keep software and platforms updated with security patches. - Anonymization/De-identification: Where possible, we de-identify data that we don’t need in personal form. For example, after a promotion, we might strip names/emails from entry data and just keep aggregated stats. When using data for analytics or trend analysis, we use anonymized datasets. - Physical Security: If any personal info is stored in physical form (like paper winner declarations or permit paperwork), it is kept in a secure location (locked cabinets in a restricted office area). Our offices also have controlled access. - Training and Policies: Our staff are trained on privacy obligations and how to handle personal data properly. We have internal policies on data protection and require any new team members to agree to confidentiality. - Data Retention: We do not keep personal data longer than necessary for our business and legal requirements. When personal info is no longer needed, we securely destroy or de-identify it. For example, entrant data from a promotion may be deleted a certain time after the promotion ends (taking into account things like statute of limitations for any legal claims or permit audit time frames). Winner information might be retained longer if required for tax or regulatory reasons. - Incident Response: Despite best efforts, no system is completely foolproof. We have a data breach response plan. If we suspect or become aware of a data breach that is likely to result in serious harm, we will promptly investigate and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under the Privacy Act. This includes detailing what data was involved, the likely consequences, and the steps we are taking to mitigate harm and prevent recurrence.While we strive to protect your information, it’s important for you as well to take precautions. Please keep your account credentials confidential and notify us immediately if you suspect any unauthorized use of your account or a potential security issue. We will never ask you for your password via email or phone – be cautious of phishing attempts.
10. Links to Other Websites
Our website or communications might contain links to third-party websites (for example, a sponsor’s site, or social media pages). Please note that those websites are not controlled by PrizeCart and have their own privacy policies. We are not responsible for the content or privacy practices of external sites. If you click on an external link, we encourage you to read that site’s privacy policy to understand how they will handle your data. This Privacy Policy applies solely to personal info collected by PrizeCart.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will notify users by posting a prominent notice on our website or, if appropriate, by sending an email notification. The “last updated” date at the top will be revised accordingly. We encourage you to review this page periodically to stay informed about how we are protecting your information. By continuing to use our services or participate in our promotions after any changes take effect, you will be deemed to have accepted the revised policy.
12. Contact Us and Privacy Complaints
If you: - have any questions or comments about this Privacy Policy or how we handle your information, - want to access or correct your personal info we hold, - wish to opt out of marketing or make a data-related request, - or have a concern or complaint about your privacy (e.g., you believe we have breached the APPs or mishandled your data),please contact our Privacy Officer:Email: support@prizecart.app
We take privacy complaints seriously. If you lodge a complaint: - We will acknowledge your complaint within 5 business days. - Our Privacy Officer (or delegate) will investigate the matter by reviewing our relevant records and speaking with the concerned teams. - We may contact you to request more details or clarification if needed. - We aim to provide a written response within 30 days of receiving the complaint, outlining the outcome of our investigation and any actions we will take to address the issue. If we need more time (due to complexity), we will inform you of the delay and reason. - If a breach is confirmed, we will take prompt steps to rectify it and prevent reoccurrence (such as improving procedures or training). We will also inform you of measures taken.If you are not satisfied with our response to a privacy issue or complaint, you have the right to escalate the matter to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted via: - Website: www.oaic.gov.au (which has an online privacy complaint form) - Phone: 1300 363 992 - Email: enquiries@oaic.gov.auWe would appreciate the chance to resolve your concerns first, but you may contact the OAIC at any time.Thank you for taking the time to read our Privacy Policy. We value your trust and strive to protect your personal information.
PrizeCart Pty Ltd (ABN 47 688 017 692) (“PrizeCart”, “we”, “us” or “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information in the course of our business, including through our website (prizecart.app) and our promotional services such as the PrizeCart instant win promotions (“Promotion”). It also outlines your rights and how you can contact us about privacy concerns.By interacting with PrizeCart (for example, by entering one of our promotions or using our services), you consent to the handling of your personal information as described in this Policy. We adhere to the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth).
1. What Personal Information We Collect
We only collect personal information that is reasonably necessary for our functions and activities – primarily, running trade promotions and related services. The types of personal information we may collect include: - Identification details: such as your full name, email address, phone number, date of birth, and postal or delivery address. For example, when you enter a Promotion, we will ask for your name and contact information so we can identify you and notify you if you win. We may also collect your age or date of birth to ensure you are eligible (e.g., over 18). - Transaction details: if our Promotion is linked to a purchase, we might collect information about your purchase from a participating merchant, such as the date of purchase, amount spent, order number, and store name. This helps us verify your entry and calculate your number of entries (e.g., $5 = 1 entry). - Account or login details: if you register an account on our platform or website, we may collect a username and password, and possibly social media handles if login via social network. - Promotion-specific information:depending on the contest, we might collect content you submit or any preferences you provide about prizes. - Device and usage information: when you use our website or digital platform, we automatically collect some data through cookies or similar technologies. This may include IP address, device type, browser type, browsing actions on our site, and referral URLs. This info helps us understand how users engage with our site and improve our services. (See Section 7 on Cookies). - Marketing preferences: if you opt-in to receive marketing communications, we record that consent and your preferences (e.g., email newsletter subscribed, or opted out). - Communications with us: any correspondence or inquiries you send (emails, customer support chats, phone calls) may be stored, including your contact details and the content of the communication.We do not collect sensitive information (such as racial/ethnic origin, health information, etc.) for our promotions. We will never require such info for you to participate. If you voluntarily provide any sensitive info (for example, telling us about a health issue that might require accommodation in a prize), we will treat it as confidential and only use it for the limited purpose for which you provided it (with your consent).2. How We Collect Personal Information
We collect personal information in several ways: - Directly from you: Most data is collected when you knowingly provide it to us. For instance, when you fill out an entry form for a Promotion, create an account, contact us via a form or email, or otherwise submit information on our website or social media. - From participating merchants: In our promotions that involve partner stores, we may receive relevant purchase information from those merchants to validate entries. For example, if you enter a PrizeCart promotion by purchasing at Merchant A’s online store, Merchant A might share your order ID and email with us so we can match it with your entry. This is done under agreements ensuring the Merchant has the right to share that data with us for the Promotion. We may also receive confirmation from merchants if a prize we issue (like a voucher) is redeemed, for record-keeping. - Automated means: When you interact with our website, certain info is collected via cookies, analytics, and server logs (IP, device, etc., as mentioned). We may use third-party analytics tools (like Google Analytics) which gather usage data on our behalf (see Section 7). - From social media or referrals: If you engage with a PrizeCart promotion through social media (for example, clicking a Facebook ad or using a social login feature), we might receive your social media public profile info that you’ve agreed to share (like name, email from Facebook if you used it to log in). Also, if a friend refers you to our promotion via a referral link, we might record that referral relationship (who referred whom). - Through cookies and tracking technologies: As noted, our site uses cookies for functionality (like keeping you logged in) and for analyzing web traffic. These might also track when you’ve seen or clicked on an ad or promotion announcement of ours (so we measure campaign effectiveness).If you choose not to provide certain personal information (e.g., you leave required fields blank on an entry form), you may not be able to participate in the promotion or receive a prize, or we may not be able to respond to your inquiry fully. We will always make clear what information is required versus optional.
3. Purpose of Collection – How We Use Personal Information
We use the personal information we collect for the following purposes: - Conducting Promotions and Contests: This is our primary purpose. We use entrant information to: - register and administer your entry (e.g., confirming you meet eligibility criteria); - allocate entries or chances to you based on your actions (like purchases); - run the random draw or instant win algorithms (which may involve associating your entry with a random outcome); - contact you if you are a winner or otherwise need to be notified (winner notification letters/emails, requesting further details for prize delivery); - verify your identity and entry (which might include using data from merchants or requesting proof like ID or receipt scans if needed to ensure fairness and prevent fraud); - deliver prizes to you (for instance, if you win, we need your address to send a parcel, or we email digital gift codes); - publish winner announcements (we may use your name/initials and state as required by law in winner lists – see Section 5 on Disclosure). - comply with legal requirements of promotional lotteries (like keeping a record of all entries and prizes, and providing reports to regulators if asked). - Providing our Services: If you have an account with us or use our platform regularly, we use your info to maintain your account, authenticate you at login, and personalize your experience (for example, remembering past promotions you participated in). - Customer Support and Communication: If you contact us with questions, feedback or complaints, we use your provided info to respond and help resolve issues. We might also proactively reach out to entrants to provide important updates about a promotion (e.g., if a prize draw date changed, or reminding winners to claim prizes). - Marketing (with consent): If you have consented (opted-in) to receive marketing communications from us, we will use your contact details to send you newsletters, updates on new promotions, special offers, or related products/services that may interest you. We might tailor these communications based on your participation history (for example, if you often enter tech gadget giveaways, we might send you news about similar upcoming promotions). You can opt-out at any time (see Section 6). - Promotional Analytics and Improvement: We use data (mostly aggregated or de-identified where possible) to analyze the effectiveness of our promotions and our platform. For example, we examine how many people enter from each merchant, at what times entries spike, which prizes are most popular, etc. We also track website usage data to improve site functionality and user experience (like detecting broken links or slow pages, or seeing what info pages entrants visit most so we can make those clearer). - Fraud Detection and Security: We may use personal info and technical data to monitor for any suspicious or fraudulent activity. For instance, we might detect if one person is creating multiple fake accounts or entries – we would analyze usage and entry patterns and IP addresses for that. If necessary, we may use that information to disqualify entries per our terms and to protect the integrity of our promotions. We also keep logs to investigate any attempted hacking or denial-of-service attacks and may share relevant info with cybersecurity consultants or law enforcement. - Legal Compliance: We might process your information where necessary to comply with legal obligations. For example: - Keeping records of all entries and winners for a certain period as required by state regulations (some states require records to be kept for several years[106]). - Responding to requests from regulatory authorities – e.g., if a state gambling regulator asks for winner details or proof of prize awarding, we will use and possibly disclose the data for that purpose. - Handling any legal claims – if there’s a legal dispute or inquiry involving you (like if you claim a prize was not delivered), we will use relevant data to address the issue (including in court or dispute resolution if it came to that).We generally will not use your personal information for purposes other than those above without your consent, unless allowed or required by law. If we ever need to use information in a new way, we’ll update this Policy and, if required, seek your consent.
4. Disclosure of Personal Information
PrizeCart respects the confidentiality of your personal info and will disclose it only in certain situations. The parties or entities we may share information with are: - Promotion Partners (Participating Merchants): We may share with a participating merchant the list of their customers who entered via that merchant’s store, or prize redemption info if needed for them to honor something. For example, if you win a discount code or free item at Merchant’s store, we might inform that Merchant of your name or a unique code so they can validate it when you redeem. However, we do not generally give merchants our full entrant list or your contact info for their own marketing without your consent. If a Merchant requests confirmation of a particular entry (say to verify a suspicious transaction), we might confirm minimal necessary data. All participating merchants are bound by either our contractual terms or their own privacy obligations to not misuse data we share. - Prize Fulfillment and Delivery Providers: For physical prizes, we may share your name and address with a courier or postal service to deliver the item. For digital prizes provided by third parties (e.g., a gift card from an outside retailer), we may need to share your details with that third party to arrange issuance of the prize in your name. If a prize is provided directly by a sponsor (not common, but e.g., if a sponsor ships the prize to winner), we will share winner’s info with that sponsor only as needed to deliver the prize, and we will ensure they agree to use it solely for that purpose. - Service Providers (Data Processors): We use third-party companies to help us operate our business and the Promotion. These include: - IT and Hosting providers: companies that host our website, databases, and servers (which might include cloud services like AWS or Azure, etc.). They may store your data on their servers but can only process it per our instructions. - Email/SMS delivery services: to send out bulk notifications or winner emails, we may use services like MailChimp, SendGrid, or similar. They would have access to your email and name to send messages on our behalf. - Analytics services: Google Analytics or others may process usage data (IP, device info) as described above to provide usinsights. This may involve data going overseas (Google’s servers, etc., see Section 8 on overseas). - Customer support tools: if we use a CRM or helpdesk software, the information you provide in support queries might go through that tool. - Independent Scrutineer or Auditor: For regulatory compliance, we might engage an independent scrutineer (like a CPA or Justice of Peace) to audit the draw. They might see entrant names or winner names as part of verifying correct procedures. They are typically bound by confidentiality or professional obligations. - Marketing and Ad partners: If you have consented to marketing, we might use a marketing platform that manages our contact list and campaigns. Also, if we run targeted ads (e.g., on Facebook), we might provide hashed email addresses to the platform to create custom audiences (only if legally allowed and with consents). - These service providers are not allowed to use your information for their own purposes and are bound by contracts to handle data securely and confidentially. - Regulatory and Legal Authorities:We may disclose personal information when required by law or regulation, or when we believe in good faith that such disclosure is necessary to: - Comply with legal processes: e.g., responding to a court order, subpoena, or a lawful request by a government authority. - Comply with permit conditions: some permits (especially ACT/SA) might require us to submit a list of winners to the authority or allow inspection of records. We will comply with those obligations, which could involve disclosing info like winner’s name and prize to the regulator. - Enforce our terms or protect rights: if a participant is suspected of fraud or other unlawful activity in connection with our promotion, we might share relevant info with law enforcement or legal counsel to address the matter. Also, if necessary to protect and defend the rights, property, or safety of PrizeCart, our customers, or the public, we may disclose information (for example, providing evidence of attempted fraud to police). - Affiliated Companies: Currently, PrizeCart Pty Ltd is a single entity. If in the future PrizeCart forms subsidiaries, or is part of a group of related companies, we might share data within that corporate group as needed for the same purposes in this Policy. All group members would abide by this Policy. - Business Transfers: If PrizeCart is involved in a merger, acquisition, sale of assets, or any corporate reorganization, your personal information may be transferred to the new entity as part of that deal. We would ensure the new owner has to respect privacy in line with this Policy. We would notify users (for example, via a notice on our website or email) if a transfer affects how their data is handled or who is controlling it.We do not sell your personal information to third parties for their own marketing use without your explicit consent. We may share de-identified or aggregated data (which can’t reasonably identify you) publicly or with partners – e.g., “20% of entrants were from Victoria” or “We had 10,000 entries in this campaign” – that kind of statistical info which does not contain personal details.
5. Disclosure of Winners Information
As part of running regulated promotions, we often must publish limited personal details of winners. For example: - For major prizes, we may need to publish the winner’s first initial, last name, and suburb or state on our website or in a newspaper within a certain time[93][13]. We will do this as required by each state’s regulations (and as outlined in the Promotion Terms & Conditions). - We might also announce winners (with their consent) on our social media pages or website, as part of promotion results. Typically we use minimal identifying info (e.g., “Congratulations to Jane D. from Brisbane!”). - By entering our promotions, you acknowledge that if you win, we may disclose your name in winner announcements as required by law or permitted by the promotion rules. We will not disclose personal information beyond what is necessary (we won’t publish your full address or contact info). - If you have specific concerns about your name being published, you can contact us. In some cases, regulators can grant exemptions for name publication (for instance, for safety reasons). We’ll handle such requests case by case, but we must follow the law.
6. Your Rights and Choices
- Access and Correction: You have the right to request access to personal information we hold about you. You also have the right to request corrections if any of that information is inaccurate, out-of-date, or incomplete. You can do this by contacting us (see Section 9). We will require verification of identity to release personal data (so we don’t accidentally give your info to someone else). We will respond to access requests within a reasonable period (usually 30 days). In some cases, we might not be able to provide full access (e.g., if it involves disclosing someone else’s personal info or if it’s subject to legal privilege), but we’ll explain the reasons. - If you have an online account with us, you may also log in and view or update basic information yourself (like updating your contact email, etc.). - For correction requests, if we agree the info is wrong, we will correct it and confirm to you. If we disagree (rare, e.g., you might say “I actually won that prize, not someone else” and records show otherwise), we’ll let you know and you can provide a statement which we’ll keep with the record noting your claim. - Opt-Out of Marketing: If you have subscribed to our marketing communications, you can opt-out at any time. Each marketing email will have an “Unsubscribe” link at the bottom – clicking that will remove you from future promotional mailings. You can also contact us directly to request removal. Note that transactional or operational emails (like winner notifications or account-related messages) are not subject to opt-out as they are not marketing – we only send those when necessary for service. - Withdraw Participation: If at any point you decide you no longer want to be part of a promotion (prior to its conclusion), you can contact us to withdraw your entry. Keep in mind if you withdraw, you forfeit any chance to win and any prizes not yet claimed. Also, if a permit requires us to keep entry records, we might archive your info rather than fully deleteuntil legally allowed, but we will mark you as withdrawn. - Deletion: You may request that we delete personal information we hold about you. This is often called the “right to erasure” or “right to be forgotten”. Note that this right is not absolute under Australian law, but we will honor deletion requests to the extent we can: - If you request deletion after a promotion has ended and your data is no longer needed, we will take reasonable steps to de-identify or destroy it if feasible. - If your data is still required for an ongoing promotion or by law (e.g., record-keeping requirements or if you were a winner, we might need to retain your info for audit/tax purposes), we may not immediately delete it. We’ll communicate with you about what can be deleted and what must be retained. - We may also retain certain minimal info to ensure we don’t inadvertently contact you again (e.g., keeping your email on a suppression list if you opted out). - Cookies and Tracking Controls: You can control cookies through your browser settings. You can usually configure your browser to reject some or all cookies, or to alert you when cookies are being used. However, rejecting cookies might affect our site functionality (like you may not be able to remain logged in, etc.). For analytics opt-out, Google provides a tool (the Google Analytics Opt-out Browser Add-on) if you don’t want to be tracked by Google Analytics on any site. - Anonymity/Pseudonymity: You have the option of not identifying yourself or using a pseudonym in certain interactions with us (for example, you could email customer support just signing as “John” without providing full details). However, for many of our services, especially entering promotions, it is impractical for us to serve you without certain personal details. For instance, we cannot award a prize to an anonymous entrant, and permits often require full names of winners. So while we respect anonymity in general inquiries, to actually enter and win, you will need to provide real identifying info. - Complaints: If you believe we have breached your privacy rights or the APPs, you have the right to make a complaint (see Section 9 on how we handle that).We will never discriminate against you or deny you a service just because you exercised a privacy right. However, as noted, if you don’t allow us to use certain info, we might not be able to include you in a promotion (that’s a consequence of the service, not discrimination).
7. Cookies and Online Tracking
We use cookies and similar technologies on our website to enhance user experience and for analytics/advertising. Here’s more detail: - What are cookies? Cookies are small text files that a website saves on your device when you visit. They allow the site to remember your actions and preferences over a period of time. - Types of cookies we use: - Essential cookies: These are necessary for our site’s operation. For example, session cookies that keep you logged in as you navigate between pages, or that remember your promotion entries in a cart before submission. - Analytics cookies: These track aggregate site usage. For example, Google Analytics cookies track pages visited, time spent, referring sites, etc., but do not personally identify you to us. We use this information to understand traffic patterns and improve site content and layout. - Functionality cookies: These remember choices you made to give you better, more personalized features. E.g., maybe remembering your region or that you closed a pop-up so it doesn’t show again. - Advertising cookies: We don’t have third-party ads on our site, but we may use tracking cookies for our own marketing. For instance, a Facebook Pixel or Google Ads cookie might be present so that if you visited our site, we canlater show you our promotion ads on those platforms (a practice called retargeting). These cookies generally identify your browser or device, not you personally by name. - Third-Party Cookies: As mentioned, we might use third-party services that set cookies (e.g., Google, Facebook). They may also use those cookies for their own purposes according to their privacy policies. You can usually opt-out of targeted advertising via those platforms’ settings (e.g., Google’s Ads Settings, Facebook’s Ad preferences). - Managing Cookies: You can manage or delete cookies at your will. Most browsers allow you to refuse new cookies, delete existing ones, or notify you when new ones are set. Please refer to your browser’s help documentation. If you block all cookies from our site, some features might not function (like the login or entry form). - Do Not Track: Some browsers offer a “Do Not Track” (DNT) setting. At this time, our site does not respond to DNT signals in a uniform way, because there is not a consistent industry standard for compliance. We will treat DNT signals as if you have opted out of cookie-based tracking where feasible (for instance, we can ensure not to use your visits for retargeting ads if we detect DNT), but generally, the cookies will operate as described unless you disable them.
8. Cross-Border Disclosure
PrizeCart operates in Australia and our primary data storage is in Australia. However, some of our service providers or partners are located overseas or use global cloud infrastructure. This means personal information may be transferred to or accessible from other countries, including (but not limited to) the United States (where companies like Google, Facebook, Mailchimp, etc., have servers), the European Union, or Asia-Pacific regions (if we use any Asia-Pacific data centers).When we transfer personal data outside of Australia, we take steps to ensure it remains protected. These steps include: - Only using reputable service providers who have robust security measures and, where possible, are subject to privacy regimes that are similar toAustralia’s or are certified under frameworks like the EU Standard Contractual Clauses or the APEC Cross-Border Privacy Rules. - Contractually obliging foreign recipients to handle the information in accordance with our instructions and this Privacy Policy, and to use it only for the purpose it was provided. - For example: - Google Analytics data may be processed on Google’s global servers, possibly in the USA or elsewhere. Google is bound by its privacy and security commitments under its terms with us. - If we email via Mailchimp (US-based), they have Standard Contractual Clauses in place and are experienced with privacy compliance. - Cloud hosting (if on AWS, for instance) might replicate data in multiple regions for backup, but AWS has a strong security and privacy compliance program.By providing us with your personal information or entering our promotions, you consent to the possibility of such international transfers. We will not transfer your personal information to a foreign entity if it is known to be legally prohibited from protecting it (i.e., we won’t knowingly send your info to a country with no privacy law and an entity that won’t safeguard it). If you have concerns about particular overseas locations, please contact us for more information.
9. How We Protect Personal Information
PrizeCart takes the security of your data seriously. We implement a variety of administrative, technical, and physical safeguards to protect the personal information we hold against loss, theft, and unauthorized access, use, modification, or disclosure. These measures include: - Access Controls: Personal information is stored in secure systems that are password-protected and accessible only by authorized personnel who require access to perform their duties (e.g., our promotion management team, IT administrators). We follow the principle of least privilege – staff only get access to the data they absolutely need. - Encryption: Our website has SSL/TLS encryption (HTTPS) to protect data in transit between your browser and our server (so entry forms and login credentials are encrypted during transmission). Sensitive fields (like passwords) are hashed/encrypted in our database. For certain high-risk data (e.g., if we ever collected ID scans or bank details for prize distribution), we would encrypt those at rest. - Firewalls and Security Monitoring: Our servers are protected by firewalls. We employ anti-malware tools and intrusion detection systems to monitor for suspicious activities. We keep software and platforms updated with security patches. - Anonymization/De-identification: Where possible, we de-identify data that we don’t need in personal form. For example, after a promotion, we might strip names/emails from entry data and just keep aggregated stats. When using data for analytics or trend analysis, we use anonymized datasets. - Physical Security: If any personal info is stored in physical form (like paper winner declarations or permit paperwork), it is kept in a secure location (locked cabinets in a restricted office area). Our offices also have controlled access. - Training and Policies: Our staff are trained on privacy obligations and how to handle personal data properly. We have internal policies on data protection and require any new team members to agree to confidentiality. - Data Retention: We do not keep personal data longer than necessary for our business and legal requirements. When personal info is no longer needed, we securely destroy or de-identify it. For example, entrant data from a promotion may be deleted a certain time after the promotion ends (taking into account things like statute of limitations for any legal claims or permit audit time frames). Winner information might be retained longer if required for tax or regulatory reasons. - Incident Response: Despite best efforts, no system is completely foolproof. We have a data breach response plan. If we suspect or become aware of a data breach that is likely to result in serious harm, we will promptly investigate and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under the Privacy Act. This includes detailing what data was involved, the likely consequences, and the steps we are taking to mitigate harm and prevent recurrence.While we strive to protect your information, it’s important for you as well to take precautions. Please keep your account credentials confidential and notify us immediately if you suspect any unauthorized use of your account or a potential security issue. We will never ask you for your password via email or phone – be cautious of phishing attempts.
10. Links to Other Websites
Our website or communications might contain links to third-party websites (for example, a sponsor’s site, or social media pages). Please note that those websites are not controlled by PrizeCart and have their own privacy policies. We are not responsible for the content or privacy practices of external sites. If you click on an external link, we encourage you to read that site’s privacy policy to understand how they will handle your data. This Privacy Policy applies solely to personal info collected by PrizeCart.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will notify users by posting a prominent notice on our website or, if appropriate, by sending an email notification. The “last updated” date at the top will be revised accordingly. We encourage you to review this page periodically to stay informed about how we are protecting your information. By continuing to use our services or participate in our promotions after any changes take effect, you will be deemed to have accepted the revised policy.
12. Contact Us and Privacy Complaints
If you: - have any questions or comments about this Privacy Policy or how we handle your information, - want to access or correct your personal info we hold, - wish to opt out of marketing or make a data-related request, - or have a concern or complaint about your privacy (e.g., you believe we have breached the APPs or mishandled your data),please contact our Privacy Officer:Email: support@prizecart.app
We take privacy complaints seriously. If you lodge a complaint: - We will acknowledge your complaint within 5 business days. - Our Privacy Officer (or delegate) will investigate the matter by reviewing our relevant records and speaking with the concerned teams. - We may contact you to request more details or clarification if needed. - We aim to provide a written response within 30 days of receiving the complaint, outlining the outcome of our investigation and any actions we will take to address the issue. If we need more time (due to complexity), we will inform you of the delay and reason. - If a breach is confirmed, we will take prompt steps to rectify it and prevent reoccurrence (such as improving procedures or training). We will also inform you of measures taken.If you are not satisfied with our response to a privacy issue or complaint, you have the right to escalate the matter to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted via: - Website: www.oaic.gov.au (which has an online privacy complaint form) - Phone: 1300 363 992 - Email: enquiries@oaic.gov.auWe would appreciate the chance to resolve your concerns first, but you may contact the OAIC at any time.Thank you for taking the time to read our Privacy Policy. We value your trust and strive to protect your personal information.