Last updated 10 September 2020
This statement is to reassure you that at Prizeology we take privacy seriously and do all we can to respect the right to privacy of anyone using our site and services. We treat any information that you provide us with as confidential and do all we can to protect your personal information.
Should you need to contact us, we can be reached by post at 1 Mark Square, London, EC2A 4EG, or over the phone or email at 020 7856 0402 and firstname.lastname@example.org respectively.
Compliance is the cornerstone of our business, so we ensure we comply with the Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003 (amended 2011), and the European Union (EU) General Data Protection Regulation, which came into force from 25 May 2018.
Collecting personal data
Personal data consists of information related to an identified or identifiable natural person. Such information may include a name and address for example. We process personal data relating to prize promotion entrants and winners, clients, suppliers, marketing contacts, current or former members of staff.
We may collect and process the following information:
• Phone number
• Email address
• Postal or company address (for prize delivery or invoicing purposes)
• Date of birth (to confirm an individual is over 18 for example)
• Payment information/bank details (for a prize allowance or invoicing purposes)
Please note the above are general examples and the information we collect is very much dependent on the purpose or promotion carried out.
We may also request proof of identity or address for prize entrants, please note this information will already be set out in the respective promotion’s terms and conditions.
We do not process any sensitive data, nor any children’s data, unless we are administering a children’s prize promotion (in this event parental or legal guardian permission will be required to enter).
Why we collect personal data
We’re a prize promotions agency and we run prize draws, competitions and other promotions on behalf of our clients. We primarily collect personal data from members of the public so that we can administer those prize promotions. If you enter a prize promotion we’re running on behalf of one of our clients, we will collect your personal data so that we can, for example, liaise with you to check information, conduct the prize draw or judge entries for a competition, notify you if you’re a winner and ensure you receive your prize, and/or to provide a winners’ list as required by the Advertising Standards Authority. The ways in which we collect your personal data include via a prize draw or competition microsite managed by us or by a third party, via email, by phone including text, in writing when you enter a promotion by post.
We will only share an individual’s information:
• for fulfilment purposes, for example with a handling house or delivery company for prize dispatch. We hold data protection agreements with all of our suppliers;
• to comply with any legal obligation;
• for legitimate business purposes. To do so, we would first carry out a legitimate interest assessment, which would enable us to determine whether our plans are legitimate.
If you are a client, work for another agency or are a general business contact, we collect your personal data so that we can work effectively with you. The ways in which we collect your personal data include online via the Prizeology website, via email, by phone including text. Any personal data we collect via the newsletter sign-up form on our website will only be used for the purpose of sending you the Prizeologist, our monthly newsletter.
We may also collect personal data so that we can communicate with potential clients to market our services and generate new business. Please see our Marketing Purposes section below for further information.
How we store your personal information
We make sure we process and store your personal information safely and securely. All personal data we hold electronically is stored on a secure encrypted server, using Bitlocker and per-file encryption, which is hosted in the European Economic Area (EEA). As well as this encryption, all files containing personal data are password-protected. All computers used by Prizeology have strong anti-virus protection which is updated regularly.
If we do need to share your personal information with a business we work with, for example our client or a company that is handling the delivery of a prize, we will only do that via a secure FTP site. We have our own FTP site for secure transfer.
If we do need to transfer personal information outside the EEA, the transfer will be overseen by our data protection manager and we will ensure the transfer is legal and your data is secure.
How long we retain your data
We don’t keep your personal data for any longer than we need to. Any personal data we collect for a prize promotion will routinely be deleted once all prizes have been fulfilled and the winners’ list has been published (ordinarily six months after the promotional closing date). Please note however that this is very much dependent on the length of the promotional period and/or prize claim timeframe; where these are longer, any personal data will be deleted in accordance with this duration.
However, we will retain such data where any of the following instances apply:
– where we have a legal obligation to do so; or
– to detect and prevent fraud on behalf of our clients. We will keep personal data including name, email address, postal address and mobile phone number in order to prevent individuals from fraudulently entering promotions we run on behalf of clients, and/or claiming prizes which are in breach of the terms of the particular promotion. We will use this data to prevent fraud across all of the promotions where we act as administrator to help ensure promotions are administered fairly for consumers and brands.
Your data protection rights
You have a number of rights related to what we do with your personal information. For example, you have the right to know what we are collecting and how we are collecting it (the right to be informed), to see any personal data we may hold about you (the right of access) and you can ask us to correct any inaccuracies (the right to rectification). We will respond within 28 days of receiving your request for right of access or right to rectification.
By participating in one of our prize promotions, you actively consent to your personal data being processed to administer the prize promotion, but you have the right to withdraw your consent at any time.
You also have a right to erasure, which means you can ask us to delete or remove any information we hold on you. We will respond within 28 days of receiving your request.
To exercise a right under GDPR, please send a written request by email to email@example.com or by post to Prizeology Limited, 115 Mare Street, London E8 4RU. We will respond within 30 days. This request is free. To correct any inaccuracies, please email or call us on 020 7856 0402. If you want to know more about these rights, the Information Commissioner’s Office has more guidance on their website, https://ico.org.uk/.
You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data, which you can contact via https://ico.org.uk/global/contact-us/.
Marketing purposes (for businesses)
Any personal data we collect via the newsletter sign-up form on our website will only be used for the purpose of sending you the Prizeologist, our monthly newsletter. We will process this data securely and keep it safe in the same way as we keep all other data safe. We ask you to actively consent to receiving the Prizeologist, but you have the right to withdraw your consent at any time. You can do this via either of the buttons at the bottom of the newsletter which say ‘Unsubscribe from this list’ and ‘Update subscription preferences’.
We may also want to send you relevant marketing information via email. Where we do this, we would first carry out a legitimate interest assessment, which would enable us to determine whether our plans are legitimate. If we went ahead, we would make it clear how we planned to use the data and we would give people an easy way to opt out of our marketing communications.
Just to be clear, we might also collect and process information under legitimate interests because we were buying or selling a business or assets, but again we would first carry out a legitimate interest assessment, and we would collect and process information in a reasonable and secure way.
We do endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security or accuracy of any data that you disclose, and we will not be responsible for any breach of security unless it is due to our negligence or wilful default.
All members of staff have received training in data protection and information security. Any further training will be provided where there are any significant changes to the law or our procedures. Any new member of staff will receive compulsory data protection training.
We hope the above is all clear, but we understand it’s all fairly legalistic so if you have any queries or concerns about our use of your personal information, you can contact our data protection manager (Sarah Burns), either by emailing firstname.lastname@example.org or calling 020 7856 0402.
Some of our cookies are used to simply collect information about how visitors use our website. These types of cookies collect the information in an anonymous form.
However, if you do delete and block all cookies from our website, parts of this site may not then work. This is because some of the cookies we use are essential for parts of our website to operate.
If you don’t wish to accept cookies from our website, please leave it at once and then delete and block all cookies from this site.