Data Protection and Privacy Policy for Premierwin Games and Competitions 

[updated 28 September 2025] 

 

  1. Introduction and Overview 

 

  • 1.1 Who we are 

Premierwin Competition Ltd (“we”, “us,”, “our”) is a company incorporated in England and Wales (Company Registration Number 16537309). Our registered office is at Riddicks Sports Bar, 22 Fowler Street, South Shields, Tyne and Wear, NE33 1NA, United Kingdon. We operate online skill based competitions and promotional prize draws through our website www.premierwincompetitions.co.uk and associated mobile applications (the “platform”) 

 

  • 1.2 Our Commitment to Privacy 

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our Platform and services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable privacy laws.  

 

  • 1.3 Data Controller 

For the purposes of data protection law, Premierwin Competitions Ltd is the data controller responsible for your personal information. Our Data Protection Officer can be contacted at info@premierwincompetitions.co.uk 

 

  • 1.4 Scope of this policy 

This Privacy Policy applies to all personal information we collect about you when you: 

  1. Visit our platform 
  2. Create an account or register for our services 
  3. Participate in our competitions or games either online or live 
  4. Contact our customer support 
  5. Interact with our marketing communications 
  6. Use any of our related services.  

 

  1. Information we collect 

 

  • 2.1 Information provided by you 
  •  a) On account registration 

Full name 

Date of birth 

Email address 

Postal address 

Phone number 

Username and password 

Security questions and answers 

  • b) Identity verification including but not limited to 

     Government-issued ID (passport, driving licence) 

     Proof of address documents 

     Bank statements or utility bills 

     Selfie photos for identity verification 

     Biometric data (facial recognition for verification) 

  • c) Payment and financial information 

Payment card details (processed securely by our payment providers) 

Bank account information 

Transaction history 

Wallet balance and transaction records 

Tax identification numbers (where required)  

Source of funds documentation.  

  • d) Competition and Gaming Information 

Competition entries and preferences 

Game play history and statistics 

Spending patterns and competition behaviour 

Prize claims and winnings 

Customer support interactions 

  • e) Communication Information 

Messages sent through our Platform 

Customer service correspondence 

Feedback and survey responses 

Social media interactions 

Marketing communication preferences 

 

  • 2.2 Information collected automatically 
  • a) Technical information 

IP address and geolocation data 

Device type, model and operating system 

Browser type and version 

Screen resolution and device settings 

Internet connection speed 

Unique device identifiers 

Mobile advertising IDs 

  • b) Usage Information 

Pages visited and time spent on Platform 

Click patterns and navigation paths 

Game play sessions and duration 

Feature usage and preferences 

Search queries and filters used  

Referral sources and exit pages 

  • c) Performance and Analytics Data  

Platform performance metrics 

Error logs and crash reports 

Loading times and response rates 

A/B testing participation 

Feature adoption rates 

User journey analytics 

  • d) Cookies and Tracking Technologies 

Session and persistent cookies 

Local storage data 

Web beacons and pixels 

Javascript tracking codes 

Cross-device tracking identifiers 

Third-party analytics tools 

 

  • 2.3 Information from third parties 
  • a) Payment Processors 

Transaction verification data 

Fraud risk assessments 

Payment method validation 

Chargeback and dispute information 

  • b) Identity Verification Services  

Identity document validation 

Address verification results 

Credit reference checks 

Fraud prevention data 

Politically Exposed Person (PEP) screening 

  • c)  Social Media Platforms  

Profile information from social logins 

Friend connections and social graphs 

Public posts and interactions  

Advertising interaction data 

  • d) Data brokers and partners 

Demographic and lifestyle information 

Marketing preferences and interests 

Device and household data 

Commercial and shopping behaviour 

  • e) Regulatory and law enforcement 

Sanctions and watchlist screening 

Criminal background checks 

Regulatory compliance data 

Investigation and enforcement records 

 

  1. Legal basis for processing your personal data  

 

  • 3.1 Contractual Necessity  
  1. Provide our platform and services 
  2. Process your competition entries 
  3. Manage your account and preferences 
  4. Process payments and prize distributions 
  5. Provide customer support 
  • 3.2 Legal Obligations  
  1. Anti-money laundering regulations 
  2. Tax reporting requirements 
  3. Gambling commission regulations  
  4. Data protection law obligations 
  5. Court orders and legal processes 
  • 3.3 Our Legitimate Business Interests  
  1. Fraud prevention and security 
  2. Platform improvement and optimization 
  3. Risk Management and credit control 
  4. Business analytics and research 
  5. Marketing to existing customers 

 

  • 3.4 Consent 
  1. Marketing communications 
  2. Optional data collection 
  3. Cookies and tracking (where required) 
  4. Data sharing with partners 
  5. Biometric data processing 

 

  • 3.5 Vital interests.  

We may process data to protect vital interests in emergency situations or to prevent harm to you or others.  

 

 

  1. How we use your information 

 

  • 4.1 Platform Services 
  1. Creating and managing your account 
  2. Processing competition entries and transactions 
  3. Determining game outcomes and winners 
  4. Distributing prizes and payments 
  5. Providing customer support 
  6. Maintaining platform security 

 

  • 4.2 Identity Verification and Compliance 
  1. Verifying your age and identity 
  2. Confirming your address and residence  
  3. Preventing fraud and money laundering 
  4. Complying with gambling regulations  
  5. Conducting risk assessments 
  6. Reporting to regulatory authorities 

 

  • 4.3 Platform Improvement 
  1. Analysing usage patterns and preferences  
  2. Testing new features and functionality 
  3. Optimising platform performance 
  4. Personalising user experience 
  5. Conducting market research 
  6. Improving customer support 

 

  • 4.4 Marketing and Communications 
  1. Sending promotional offers and updates 
  2. Personalising marketing content 
  3. Managing email subscriptions 
  4. Social Media engagement 
  5. Affiliate and partnership marketing 
  6. Remarketing to website visitors 

 

  • 4.5 Security and Fraud Prevention 
  1. Monitoring for suspicious activity 
  2. Preventing unauthorised access  
  3. Detecting and investigating fraud 
  4. Protecting against cyber attacks  
  5. Maintaining audit trails 
  6. Incident response and investigation 

 

  • 4.6 Legal and Regulatory Compliance  
  1. Meeting promotional and competition requirements 
  2. Reporting suspicious activities 
  3. Responding to legal requests 
  4. Tax calculation and reporting  
  5. Record keeping for regulatory purposes 
  6. Cooperating with law enforcement 

 

  1. Data Sharing and Disclosure  

 

  • 5.1 Service Providers and Processors  
  • a) Payment Processing  

Stripe and other payment gateways 

Banking partners and card processors 

Fraud Prevention services 

  • b) Identity Verification 

Document verification services  

  • c) Technology and Infrastructure 

Cloud hosting providers (AWS, Google Cloud) 

Content delivery networks 

Analytics and tracking services 

Customer support platforms 

Email and SMS services 

  • d) Marketing and Advertising 

Social media and advertising platforms 

Email marketing services 

Affiliate networks 

Customer feedback platforms 

 

  • 5.2 Regulatory and legal disclosures 

Information will be passed to the relevant body when legally requested to do so. This can include but not limited to; 

  1. Trading Standards authorities 
  2. HM Revenue and Customs (HMRC) 
  3. Financial Conduct Authority (FCA) 
  4. National Crime Agency 
  5. Courts and legal authorities 
  6. Other regulatory bodies as required 

 

 

 

 

  • 5.3 Business Transfers 

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the new owner subject to appropriate safeguards and notifications. 

 

  • 5.4 Emergency Situations 

Your information may be disclosed to protect the following: 

  1. Your vital interests or those of others 
  2. Our legal rights and property 
  3. Public safety and security 
  4. Prevention of crime or fraud 

 

  • 5.5 All data sharing safeguard arrangements include 
  1. Data Processing agreements 
  2. Security and confidentiality requirements 
  3. Data retention limitations 
  4. Purpose limitations 
  5. Regular compliance monitoring  

 

  1. Data Retention 

 

  • 6.1 General Retention Principles 

We will retain personal data only as long as necessary for 

  1. The purpose for which it was collected 
  2. Compliance with legal obligations 
  3. Establishment or defence of legal claims  
  4. Legitimate business interests 

 

  • 6.2 Specific Retention Periods 

 

  • a) Account information  

Active accounts: Duration of relationship 

Closed accounts: 7 years from closure 

Identity Documents: 5 years from account closure 

Transaction records: 7 years as required by law 

  • b) Participation and Competition data 

      Participation records: 5 years 

      Prize Claims: 7 years 

      Responsible participation data: 5 years 

      Dispute Records: 7 years  

c) Marketing and Communications 

     Email marketing data: Until subscribed + 3 years 

     Customer Support Records: 7 years 

     Website Analytics: 26 months 

     Cookie Data: As specified in Cookie Policy  

d) Security and Fraud Data 

     Fraud Investigations: 7 years 

     Security Incident Reports: 7 years 

     Access Logs: 2 years 

 

  • 6.3 Deletion Procedures  

When deletion periods expire we will 

  1. Securely delete and anonymise data  
  2. Remove data from active systems  
  3. Update backup systems  
  4. Maintain deletion logs 
  5. Notify relevant processors 

 

 

7.  Your Rights under Data Protection Law  

  • 7.1 Right of access 

You have the right to 

  1. Confirm whether we process your personal data 
  2. Obtain a copy of your personal data 
  3. Receive information about our processing activities 
  4. Request details about data sharing 

 

  • 7.2 Right to Rectification  

You can request correction of 

  1. Incorrect personal data 
  2. Incomplete personal data 
  3. Outdated information  

 

  • 7.3 Right to Erasure (“Right to be forgotten”) 

You can request deletion of your personal data when  

  1. Retaining your personal data is no longer necessary 
  2. You withdraw consent (where consent is the legal basis) 
  3. Data has been unlawfully processed 
  4. Deletion is required for legal compliance 

 

  • 7.4 Right to restrict processing 

You can request to restrict processing of your personal data when  

  1. You contest the accuracy of the data 
  2. Processing is unlawful but you prefer restriction rather than deletion 
  3. We no longer need the data, but you need it for legal claims  
  4. You object to processing pending verification 

 

  • 7.5 The Right to Data Portability 

You can receive your personal data in a structured, commonly used format and transmit it to another controller when processing is based on consent or contract 

 

  • 7.6 Right to Object 

You have the right to object to processing on  

  1. Legitimate interests (including profiling) 
  2. Direct marketing (absolute right) 
  3. Scientific or historical research 
  4. Statistical purposes 

 

  • 7.7 Rights related to automated decision making 

You have the right not to be subject to decisions based solely on automated processing, including profiling that produces legal effects or significantly affects you 

 

  • 7.8 Right to withdraw consent 

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal. 

 

  • 7.9 How to exercise your rights 

Contact us at support@premierwincompetitions.co.uk or through your account settings. We will respond within one month and may request identity verification.  

 

 

 

 

 

8. Security measures  

We have a number of security measures in place to help keep your personal data safe and secure.  

  • 8.1 Technical Safeguards 
  1. End-to-end encryption for sensitive data 
  2. Secure Socket Layer (SSL) technology 
  3. Multi-factor authentication 
  4. Regular security patches and updates 
  5. Intrusion detection and prevention systems 
  6. Data-loss prevention tools  

 

  • 8.2 Physical Security 
  1. Restricted access to data centres 
  2. Biometric access controls  
  3. 24/7 security monitoring  
  4. Environmental controls  
  5. Secure disposal of hardware 
  6. Visitor access controls  

 

  • 8.3 Organisational Measures 
  1. Regular security audits 
  2. Incident response procedures 
  3. Vendor security assessments  
  4. Background checks on employees 
  5. Data protection impact assessments 
  6. Staff training in systems  

 

  • 8.4 Data Minimisation 
  1. Collecting only necessary data 
  2. Regular data review and purging 
  3. Purpose limitation enforcement 
  4. Access controls and permissions 
  5. Data anonymisation where possible  
  6. Privacy by design principles  

 

9. Cookies and Tracking Technologies  

  • 9.1 The types of cookies we use include 
  1. Essential Cookies – necessary for platform functionality 
  2. Performance Cookies – Analytics and optimisation 
  3. Functionality Cookies – User preferences and settings 
  4. Marketing Cookies – Advertising and remarketing  

 

  • 9.2 Third Party Tracking 

We use third party services including 

  1. Google Analytics for website analytic 
  2. Facebook Pixel for advertising 
  3. Hotjar for user experience analysis 
  4. Stripe for payment processing 
  5. Various affiliate tracking systems 

 

  • 9.3 Cookie Management 

You can control cookie management through 

  1. Browser settings and preference 
  2. Our cookie preference centre  
  3. Third-party opt-out tools  
  4. Device setting for mobile apps 

For detailed information see our separate cookie policy 

 

10. Special Categories of data 

 

  • 10.1 Biometric Data 

We may process biometric data for identity verification including: 

  1. Facial recognition for account verification 
  2. Voice recognition for security 
  3. Fingerprint data (if supported by device) 

 

  • 10.2 Health Data 

We may collect health-related information for responsible participant monitoring, including  

  1. Self-exclusion requests 
  2. Spending concern indicators 
  3. Support service referrals 

 

  • 10.3 Legal Basis for Special Categories  

Processing is based on: 

  1. Explicit consent  
  2. Substantial public interest (fraud prevention) 
  3. Regulatory compliance requirements 

 

12. Children’s Privacy 

  • 11.1 Age Restrictions 

Our platform is strictly for users 18 years and older. We do not knowingly collect personal information from minors.  

 

  • 11.2 Age Verification  

We implement robust age verification including 

  1. Identity document checks 
  2. Third-party verification services 
  3. Regular re-verification processes 
  4. Suspicious activity monitoring 
  • 11.3 Underage Account Discovery 

If we discover an underage account  

  1. Immediate account suspension  
  2. Data deletion (except as required by law) 
  3. Investigation of verification failures  
  4. System improvements to prevent recurrence 

 

12. Marketing and Communications  

  • 12.1 Types of Marketing 
  1. Email newsletters and promotions 
  2. SMS marketing messages 
  3. Push notifications (mobile apps) 
  4. Social media advertising 
  5. Personalised website content  
  6. Affiliate marketing  

 

  • 12.2 Marketing Consent  
  1. Explicit opt-in required for marketing emails 
  2. Separate consent for SMS marketing  
  3. Clear unsubscribe options provided 
  4. Granular preference controls available 

 

  • 12.3 Personalisation  

We may personalise marketing based on  

  1. Gaming preference and history 
  2. Demographic information 
  3. Platform usage patterns 
  4. Previous marketing interactions 

 

  • 12.4 Opting Out 

You can opt out via  

  1. Unsubscribe links in emails 
  2. Account preference settings 
  3. Customer support requests 
  4. Reply “STOP” to SMS messages.  

 

13. Automated decision-making and profiling 

  • 13.1 Automated systems  

We use automated decision for 

  1. Fraud detection and prevention 
  2. Risk assessment and scoring 
  3. Competition outcome determination 
  4. Marketing personalisation  
  5. Responsible participation interventions 

  

  • 13.2 Profiling Activities 

We create profiles based on 

  1. Gaming behaviour and preferences 
  2. Spending patterns and limits 
  3. Risk indicators and flags 
  4. Marketing engagement history 
  5. Device and location patterns 

 

  • 13.3 Your Rights 

You have the right to  

  1. Request human intervention  
  2. Express your point of view 
  3. Contest automated decisions 
  4. Request explanations of logic involved 

 

 

 

14. Data Breaches and Incident Response 

  • 14.1 Breach Prevention 

We take breaches of data very seriously and have the following procedures in place to reduce the likelihood of a breach taking place. These include 

  1. Continuous security monitoring 
  2. Regular vulnerability assessments  
  3. Employee training and awareness 
  4. Vendor security requirements  
  5. Incident simulation exercises 

 

  • 14.2 Breach Response 
  • In the unlikely event of a breach of our security processes we will carry out the following procedures 
  1. Immediate containment and investigation 
  2. Risk assessment and impact analysis 
  3. Notification to authorities within 72 hours  
  4. Individual notifications if high risk without delay 
  5. Remedial action implementation 

 

  • 14.3 Notification Process  

We will notify you of breaches that 

  1. Pose high risk to your rights and freedoms 
  2. Involve sensitive personal data 
  3. Could result in identity theft or fraud 
  4. Affect your ability to control your data 

 

 

 

 

15. Responsible Competition Participation and Privacy 

 

  • 15.1 Data for Participation Protection 

We process data to: 

  1. Monitor spending patterns for responsible participation 
  2. Implement voluntary spending and time limits 
  3. Provide self-exclusion tools for those who request them 
  4. Offer support and resources for healthy competition participation 
  5. Comply with consumer protection obligations  

 

  • 15.2 Sharing for Protection  

We may share data with 

  1. Consumer protection organisations 
  2. Debt counselling services (with consent) 
  3. Regulatory authorities 
  4. Healthcare providers (with consent) 
  5. Financial education services  

 

  • 15.3 Sensitive Data Handling 

Participation pattern data receives enhanced protection through 

  1. Restricted access controls 
  2. Extended retention periods 
  3. Special category data safeguards 
  4. Confidentiality agreements 

 

16. Regulatory Compliance  

  • 16.1 Competition and Consumer Protection Compliance 

We comply with relevant agencies including 

  1. Competition and consumer protection laws 
  2. Promotional competition regulations 
  3. Consumer rights legislation 
  4. Fair trading standards 
  5. Advertising standards requirements 

 

  • 16.2 Financial Regulations 

We adhere to 

  1. Payment Services Regulations 
  2. Anti-money laundering (AML) regulations  
  3. Electronic Money Regulations  
  4. Tax reporting obligations  
  5. Counter-terrorism financing (CTF) rules  

 

  • 16.3 Data Protection Compliance 

We maintain compliance with  

  1. UK GDPR requirements 
  2. Data Protection Act 2018 
  3. Privacy and Electronic Communications Regulations 
  4. Relevant international data protection laws 

 

17. Third-party services  

 

  • 17.1 Payment Processors  

Stripe Inc 

Privacy Policy: https://stripe.com/privacy 

Data processed: Payment information, transaction data 

Purpose: Payment processing and fraud prevention 

 

  • 17.2 Analytics Services  

Google Analytics 

Privacy Policy: https://policies.google.com/privacy 

Data processed: Usage data, demographics  

Purpose: Website analytics and optimisation  

 

Hotjar Ltd 

Privacy Policy: https://www.hotjar.com/legal/policies/privacy 

Data processed: User behaviour, session recordings 

Purpose: User experience analysis 

 

17.3 Cloud Services Amazon web services (AWS) 

Privacy Policy: https://amazon.com/privacy 

Data Processed: All platform data  

Purpose: Cloud hosting and infrastructure 

 

Google Cloud Platform 

Privacy Policy: https://policies.google.com/privacy 

Data Processed: Platform data and analytics 

Purpose: Cloud services and data processing 

 

18. Contact Information  

 

  • 18.1 Data Protection Officer 

Email: info@premierwincompetitions.co.uk 

Post: Data Protection Officer, Premierwin Competitions Ltd, 22 Fowler Street, South Shields, Tyne and Wear, NE33 iNA 

 

  • 18.2 Complaints 

If you have concerns about our data processing you can: 

Contact our Data Protection Officer 

File a complaint with the Information Commissioner’s Office (ICO) 

ICO website: https://ico.org.uk 

ICO helpline: 0303 123 1113 

 

19. Policy Changes 

 

  • 19.1 Update Process 

We may update this Privacy Policy to reflect 

  1. Changes in applicable laws 
  2. New features or services 
  3. Improved data practices 
  4. Regulatory requirements  
  5. Business changes 

 

  • 19.2 Notification of Changes 

We will notify you of material changes through  

  1. Email notifications 
  2. Platform announcements 
  3. Website banners 
  4. Account login notifications 

 

  • 19.3 Effective Date: Changes become effective 
  1. 30 days after notification (for material changes) 
  2. Immediately for major corrections 
  3. As required by law for regulatory changes 
  4. Upon acceptance for consent-based changes 

 

  • 19.4 Previous Versions  

Previous versions of this Privacy Policy are archived and available upon request 

 

This Privacy Policy is effective from 28 September, 2025 and supersedes all previous versions.