This privacy statement details how we use your personal data.
Published: 1st December 2025
Welcome to the Rafflee privacy statement.
At Rafflee, we like to make things easier for our customers and that includes being clear and open about how and why we use your personal data. We know there’s nothing more off-putting than the sight of a lot of boring small print, so this privacy statement (“Statement”) is designed for you to easily access the information you need, when you need it. It’s also written in plain English, to make it clear, simple, and easy to read.
This Statement applies to our websites, application, products or services that link to this Statement or that do not have a separate privacy statement (collectively our "Services").
In this first section of the Statement, we provide an Introduction to Rafflee (including our contact details), we provide information on Privacy and Data Protection at Rafflee, we explain How to navigate and read this document and we also explain how to stay abreast of Changes to the Statement.
We hope that you find this Statement helpful but if you have any concerns or questions please feel free to share feedback via the contact methods listed in the Contact details, including DPO section below.
References in this document to "us", "our", "we", “Rafflee” are references to the following data controllers:
Both Data Controllers are Joint Controllers which means that two organisations work together and share responsibility for how your information is used for a particular purpose. We agree between us who does what, but you don’t need to figure that out—if you want to ask a question or exercise any of your data protection rights, you can contact us on dp@flutteruki.com and we will make sure your request is handled.
Rafflee is a member of the Flutter Group of Companies. Any reference to the "Group" within this Statement includes Flutter Entertainment plc and all or any of its direct or indirect subsidiary undertakings, joint venture partners, and their related companies wherever located in the world as may exist from time to time including, but not limited to, Sky Betting and Gaming, Paddy Power, Betfair, Tombola, Sportsbet, BetEasy, FanDuel, TVG, Adjarabet, Rafflee, Full Tilt and PokerStars.
The Flutter Group is split into four regional divisions, namely UK & Ireland (“UK&I”), US, Australia and International, with each one housing a number of the abovementioned Flutter Group brands. Rafflee is within the UK&I division, alongside Paddy Power, Betfair UK&I, Sky Betting and Gaming, and Tombola.
Please note that the Flutter Group also operates other gambling companies and your use of those products and services will be subject to privacy statements that may differ to the one contained herein. Any exercise of your privacy or data protection rights in accordance with this Statement will only relate to the personal data being processed by the Rafflee companies listed in the Controller details section and will not apply in regard to any products or services operated directly by the Flutter Group unless otherwise stated in this Statement.
The Flutter Group operates separate privacy policies for individuals residing in the UK which are available at:
If you have any concerns about how Rafflee handles your personal data, you can contact our Data Protection Officer (DPO) and Data Protection Team at dp@flutteruki.com. If you wish to exercise your Data Protection rights, please see YOUR DATA SUBJECT RIGHTS.
Data protection is all about keeping your personal data safe and secure, and ensuring that your legal rights in relation to your data are respected. Privacy is a fundamental right, and you are entitled to have your personal data protected, used in a fair and legal way, and made available to you when you ask for a copy.
At Rafflee, we take the protection of our customers’ personal data and privacy very seriously, and we never lose sight of the fact that your personal data is YOUR personal data.
We believe in using your personal data to make things simpler and better for you, and we will always keep your personal data safe using the highest standards of security. We’ll be clear and open with you about why we collect your personal data and how we use it, and where you have choices or rights, we’ll explain them to you and respect your wishes.
What’s more, we manage customer personal data in a tightly controlled way to ensure we deliver our products in a safe and reliable fashion, to do all we can to proactively protect our customers from harm, and to ensure our business meets its legal and regulatory obligations and is protected against attack, crime or other potential risks.
For information on cookies, please see our onsite Cookie Banners, onsite Privacy Preference Centre (located at the bottom of our websites) or visit our Cookies Policy.
It is important to check back often for updates to this Statement. If we make material and important changes, we will let you know by placing a notice on the relevant Service and/or contacting you using other methods such as email.
We gather and use different types of personal data that you provide to us, that is generated through your use of our Services or is which we have collected from other sources. This data includes your registration information, your interactions with our customer operations teams, payment information, transactional information, financial information, device, tracking and other online information, profiling and analytical information, as well as information from other sources including public sources and trusted third parties.
Below, you can find out more about the personal data submitted by you, the personal data generated from your use of our Services, and personal data obtained from other sources.
When using our Services, we collect the following types of information provided by you:
When you register an account with us, you are required to provide us with your name, postal address, e-mail address, phone number, marketing preferences and any other details as might be requested from you for the purpose of registration and/or continued use of our Services.
As a condition to using our Services, we will ask you to share your precise geolocation so we can ensure that we are authorised to provide the Services to you in your location.
When you interact with our customer operations via live chat, phone, email or social media platforms we will retain a record of your conversations with our staff, as well as notes relating to these interactions and their outcomes.
Where you contact us through a social media account we will be provided with a copy of the social media profile details (name, profile photo and other information) you make available to us as well as the content of your messages to us.
Information in relation to your chosen payment method such as debit card details, cardholder name, e-wallet details, or information in relation to your alternative payment method. All such information is processed in accordance with the Payment Card Industry Data Security Standard.
Informtion you provide in resposne to surveys or market research that we conduct.
Some of the personal data we process relating to you is generated by your use of the Services.
Your entries, deposits, payments, and other account transactions.
Details relating to your device and communication data, including IP address, browser type, unique device identifier, IDFA, hardware model, operating system and version, software, preferred language, serial numbers, device motion information, mobile network information and location data.
Information such as dates and times of access, the app features or pages you view, app crashes and other system activity, and the third-party site or service you were using immediately before visiting our site.
When you access or use our content, products, and Services, we may collect information from your devices through the use of 'cookies' and similar technologies.
These technologies can collect a wide variety of information about how you interact with our Services, such as your language preferences, pages visited and content viewed, links and buttons clicked, and URLs visited before and after you use our Services.
For further detail on cookies, please refer to our Cookies Policy. To manage your cookie preferences, please go to our onsite Cookie Management centre (located at the bottom of our websites).
We carry out profiling and analysis based upon your name, location data, entry activity, as well as other relevant data points.
Not all the personal data we hold about you will always come directly from you or from your use of our Services. As detailed below, we may also collect information from third parties such as our partners, service providers and publicly available websites (i.e. social media platforms), to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and to provide and enhance the Services.
Your name, profile photo and other information you make available to us when you connect with or contact us through your social media account.
If you choose to open an account using your Facebook, Google or Apple account, we will use your contact information and social media account ID used for the relevant account to help populate your registration page.
We only use your personal data where necessary and where it is lawful to do so. Our use of your personal data is needed to enable us to deliver the Services to you, to meet our legal obligations, to meet or protect yours, ours, the wider public’s or other third parties’ interests, and sometimes for other reasons only where we have your explicit consent to do so.
Below, we explain how and why we need to use your personal data, providing you with information on our different uses of your personal data. This includes detailed information on the reasons for using your data, the types of personal data we use and also information on the legal basis for using your data, which may include using your personal data:
Click on each different use of personal data below to find out more about how and why we use your personal data.
All visitors to Rafflee websites, apps or other assets are covered by this Statement.
We use your personal data to provide you with the Services and ensure that our sites and apps are functioning correctly.
We use technical information about your device, operating system and browser version to present you with the correct version of our website or app and to keep it functioning securely. This information is also used to diagnose system problems, improve and test the features and functions of our Services, and carry out testing.
In order to abide by our legal and regulatory requirements, we will also check your location to ensure users are using our Services in licensed countries, and that the correct version of the site is presented to them.
We also perform analysis of the performance and usage of our website to help improve your user experience. For further information on cookies, please refer to our Cookies Policy.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Diagnostics, research, and development To help diagnose system problems, to administer our websites, to improve and test the features and functions of our Services, and to carry out testing and analysis. | - Device Information - Server Logs and Traffic Information | Legitimate Interests |
| Analysis Aggregated statistics and analysis on how users interact with our Services. | - Device Information - Server Logs and Traffic Information - Cookie and Tracking Information | - Legitimate Interests - Consent, where required to use non-essential cookie or related information |
All customers that register.
When you register an account with us, you are required to provide us with certain information in order to set up your account.
If you choose to open an account using your Facebook, Google or Apple account, we will use your contact information and social media account ID used for the relevant account to help populate your registration page.
When you register for an account, we will send a verification email to the address you provide. You must complete this verification step in order to activate your account. If you do not verify your email within the specified timeframe, your account may remain inactive or be deleted.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Register you as a customer Gathering essential information from you in order to set up your account and begin the relationship with you. | - Registration Information | Performance of a contract |
| Enable you to log-in to your account | - Registration Information - Social Media Information | Performance of a contract |
| Email Verification and Account Activation | - Registration Information | Performance of a contract |
All registered customers who add a debit card to, deposit to or withdraw from their account.
In order to process your debit card addition, deposits, we will use information in relation to your chosen payment methods. These details are used to provide you with swift and secure deposits, to prevent, where possible, fraudulent use of your payment methods, and to monitor trends and performance in relation to our payment Services.
When you make a deposit to your account, your card details or details in relation to your bank or e-wallet provider will be used in order to process these transactions. Rafflee is fully compliant with the Payment Card Industry Data Security Standards (‘PCI DSS’), and your payment information is protected to the highest degree possible.
If you have concerns in relation to a deposit that you have made, we will investigate your query promptly and may use further information in relation to your account to support this investigation. You may be asked to provide further information, and in certain circumstances, we may contact your bank or payment provider to resolve the issue.
In certain circumstances, where we have concerns over payments being made on customer accounts, we may perform additional due diligence to confirm that funds are being sent and received from the true owner of the account. We may examine details in relation to your location, IP address or device to confirm where payments are being made from.
We also perform monitoring on all debit card additions, deposits, in order to rapidly identify errors or suspicious activity. These processes use the minimum personal data necessary to alert the relevant teams who may then investigate further.
We will use your information to deliver the Services and process the transactions that you make. For these purposes, your transactional information may be analysed in order to improve the Services we provide and in order to investigate and resolve issues with the functioning of the Services.
In addition to the purposes outlined above, we also use your personal data to enable and support a range of essential account, access, competition, payment, and prize-related features. This includes processing information necessary to enable your participation in competitions, and managing the submission of Rafflee tickets, including where processed through our postal partners.
We use your personal data to process payments for Rafflee tickets and fulfil cash prizes through trusted partners and facilitate winner declaration through our partners.
Finally, to enable us to deliver prizes, we may need to collect additional information from you, which can include verification documents such as a valid driving licence and bank account details for payment processing. We may also share the information necessary to fulfil prize delivery with trusted third-party service providers, such as payment processors, courier companies, or prize partners. These third parties are required to handle your information securely and use it only for the purposes of administering and delivering your prize.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Processing payment method additions, deposits Using your payment details to process the transactions you request. | - Registration Information - Payment Information - Device Information - Cookie and Tracking Information | - Performance of a contract - Legitimate business interests |
| Investigating escalations and complaints relating to payments Investigating concerns, you or others may raise in relation to payments made on your account, or using your payment information. | - Registration Information - Payment Information - Transactional Information - Device Information - Cookie and Tracking Information | - Performance of a contract - Legal and regulatory obligations - Consent, where required to use non-essential cookie or related information |
| Monitoring alerts and Reporting Real-time monitoring of deposits to identify trends and transactions requiring further review. | - Registration Information - Payment Information - Transactional Information - Device Information - Cookie and Tracking Information | - Performance of a contract - Legal and regulatory obligations - Consent, where required to use non-essential cookie or related information |
| Processing Payments and entries into competitions Providing the services and processing the transactions that you make. | - Registration Information - Payment Information - Transactional Information - Device Information - Cookie and Tracking Information | - Performance of a contract - Consent, where required to use non-essential cookie or related information |
| Processing Rafflee Entries through Post Processing your posted entries to competitions. | - Registration Information | - Performance of a contract |
| Fulfilling Prizes Providing winners with the respective prizes. | - Registration Information - Payment Information - Transactional Information - Device Information - Cookie and Tracking Information | - Performance of a contract |
This section applies to any person that contacts Customer Operations via email, chat, phone, and social media.
From time to time, you may experience issues with your account or the Services, or may have queries about the markets or products we offer.
When you contact our Customer Operations teams via the contact methods we offer, we will use information relating to your account and activity, as well as the information you provide to our staff, to investigate your query and work towards a resolution.
In order to process your query, you may be asked for additional information in relation to the issue you are facing. Any information you provide may be shared internally with other relevant operational teams. For example, if you raise a concern in relation to Safer Gambling, your details may be shared with our Safer Gambling teams for further review.
Should you decide to raise a complaint, a dedicated complaints procedure will be followed, including, where appropriate, escalation to our dedicated complaints team.
Please note that all interactions you have with our Customer Operations functions are recorded and retained. We use a number of third-party software tools to help deliver our support functions, and information you share with will be processed and/or stored on these tools.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Resolve queries related to your account, any ticket entries Investigate and share information relating to your Customer Operations contacts | - Registration Information - Device Information - Transactional Information - Social media profile details - Interactions with Customer Operations | - Legitimate business interests - Performance of a contract |
| Opening and closure of accounts upon request Processing data to register or close accounts via our Customer Services team | - Registration Information - Social media profile details - Interactions with Customer Operations | - Performance of a contract |
Anyone to whom Rafflee directly or indirectly markets, promotes or advertises its products
Your marketing preferences with Rafflee are based on whether you want (i) to receive marketing offers and communications from us, and/or (ii) your profile to be used by us in order to market to you (‘Personalised Marketing’).
The below apply to the marketing choice to receive marketing offers and communications from us or not:
Subject to any consent preferences you have expressed (where applicable), we use personal data to deliver marketing and event communications to you across various platforms, such as email, SMS, and push notification.
We will do this during the period of your relationship with us and, unless specifically instructed otherwise by you, for a maximum of 2 years after your account has been inactive in order to inform you about products, services, promotions and special offers which we think may be of interest to you.
If you wish to opt out of receiving direct marketing through all channels (i.e. email, SMS and push), you can do so by going to your account and ensuring that the option to receive offers and communications is opted out.
You can also opt out of receiving directing marketing via specific channels as follows:
Please allow up to 28 days for any changes you make to your marketing preferences to be fully processed. Please remember that even if you opt out of receiving direct marketing, we may still send you important information related to the Services. Also, please note that if you opt out of direct marketing, you will still continue to receive bespoke offers and bonuses online while using the Services.
If you have indicated your consent to receive marketing from us, we may from time to time send you direct marketing material relating to products offered by other companies within the Flutter Group, as described in the About the Flutter Group section above.
If you opt-out of receiving marketing from us, we will not send you marketing relating to the Flutter Group.
Please note that if you hold separate accounts within the Group, you should consider your marketing preferences for each separately. For example, if you opted out of marketing for any other brand within the Flutter Group and not Rafflee, you will continue to receive marketing communications directly from Rafflee unless updated.
The below apply to the marketing choice for your profile to be used by us to send you marketing offers and communications i.e. ‘Personalised Marketing’:
We will work with social media companies such as Facebook and Twitter to provide you with information about our Services via their platforms.
If you are opted in to Personalised Marketing, we may share limited personal data with the social media companies to enable us to send you information via their platforms, or market to audiences within their platforms who share similar characteristics to you.
Please note that you may still see adverts from us on social media platforms, even if you are opted out of Personalised Marketing with us. This type of display, non-targeted marketing is not based on any personal data held or controlled by Rafflee.
We use a combination of information including, but not limited to, advertising cookies, your email address, your device identifier, phone number, date of birth, address and your onsite activity to show you targeted and relevant advertisements.
You can control the use of cookies via our onsite Cookie Banner or our onsite Cookie Management centre (located at the bottom of our websites). For further information, please visit our Cookies Policy.
At Rafflee we want to make your experience better for you, so we tailor the offers and information we send to suit you using information such as your location, interactions with our Services, Rafflee history and patterns, and social media usage.
We also combine this with information obtained from publicly or commercially available sources to fine-tune the offers we present to you.
We will still make onsite recommendations you might enjoy based on overall customer behaviour rather than information about you as an individual.
You may still see our adverts on other websites or social media platforms you visit, but these will not be specifically targeted at you.
For iOS Users, every iOS device is assigned an Identifier for Advertisers (IDFA) which enables app owners and advertisers to track campaigns and deliver personalised advertising. If you are an iOS user and have opted into tracking for Rafflee, your IDFA (Identifier for Advertisers) is used to deliver you personalised advertising that is relevant to you (based on information we have about you, including browsing history, transactional information, demographic information and behavioural information, predictive information we create about you in each case in relation to our Services and advertising and information about what other people with similar interests, demographics and behaviours are looking at) and is used for attribution and analytics purposes to tell us when and how you have interacted with advertisements, including those that have been placed on a third party site or app, and so we can assess the effectiveness of our campaigns.
You can opt-out of this at any time by visiting your mobile settings (by going to Settings > Privacy > Advertising and turning on Limit Ad Tracking).
We may publish players aliases and/or chat names, along with any winnings and prizes received, on our websites in accordance with our legitimate interests. Similarly, where you attend an event that is organised or sponsored by Rafflee, we may, at our discretion, use footage recorded at such events as part of future promotional content.
If you choose to participate in a survey or poll, any personal data you provide may be used for marketing or market research purposes in accordance with our legitimate interests.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Direct Marketing Send tailored communications to you via Email, SMS or Push based on the contact preferences you have selected. | - Registration Information - Transactional Information - Device Information - Cookie and Tracking Information | - Consent |
| Group Direct Marketing Send communications about other companies within the Flutter Group to you via Email, SMS or Push based on the contact preferences you have selected. | - Registration Information | - Consent |
| Social Targeting Deliver tailored content to you, and individuals with a similar profile to you, on social sites with which you may hold an account. | - Registration Information - Device Information - Cookie and Tracking Information | - Legitimate interests - Consent (Where targeting is delivered using tracking technologies) |
| Online Advertising Display banner adverts on trusted third-party websites across the web. | - Registration Information - Device Information - Cookie and Tracking Information | - Legitimate interests - Consent (Where targeting is delivered using tracking technologies) |
| Marketing Personalisation Using information we hold on you to predict and offer you the type of content and offers that we believe you will enjoy. | - Registration Information - Device Identifiers - Cookie and Tracking Information - Transactional Information - Information derived from profiling and analysis | - Legitimate interests - Consent (Where targeting is delivered using tracking technologies) |
| Promotional Content Publishing details of your alias and winnings, or footage at promotional events | - Registration Information - Transactional Information - Video Footage | - Legitimate interests |
| Surveys and Polls Using your responses to surveys and requests for feedback to improve the services we deliver. | - Responses to Surveys and Market Research | - Legitimate interests |
All customers of Rafflee.
In order to provide the Services to you in accordance with the Services’ terms and conditions, and for our legitimate purposes, we process your personal data to evaluate our commercial performance and manage risks to our business.
We carry out basic analytics to help us understand how, when, where and why our customers use our Services, and how our business is performing. This helps us monitor and plan everything from the effectiveness of our advertising through to ensuring we have enough staff available to handle queries at peak times.
Most people use our products and Services fairly, but we carry out monitoring of how our customers bet, play and interact with our products and Services, to identify behaviour that is not in line with our Terms & Conditions or that could be prejudicial to our commercial interests.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Customer Analysis Monitoring and analysing customer behaviour to improve the performance of our business. | - Registration Information - Transactional Information | - Legitimate interests |
All visitors to Rafflee websites, apps or other assets covered by this Statement.
We use personal data to deliver and suggest tailored content to personalise your experience with our Services. This is processing which is necessary for the purpose of our legitimate interests in delivering or presenting relevant content to our customers.
Whichever Services you use, wherever and however you interact with us, we want to give you the same great level of service and make it personal to you. We will tailor your experience, personalising the layout and content of our sites according to what we know about you, your preferences and the way you like to play.
We believe this personalised experience makes it better and we want to give you the best customer experience we can. Using your personal data in this way enables us to do that in a way that we believe does not have an impact on your privacy. If you don’t want your data used in this way your option is to not use our Services and to close your account.
Please note that some aspects of your customer experience are provided via cookies. If you have provided consent for these cookies, we will personalise certain aspects of our site, such as remembering your user name and location. You can change these preferences at any time via our Cookie Management centre located at the bottom of our websites. For more information visit our Cookies Policy.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Onsite Personalisation Tailoring your onsite experience to match your preferences. | - Registration Information - Transactional Information - Cookie and Tracking Information - Device Information | - Legitimate Interests - Consent, where required to use non-essential cookie or related information |
All individuals who engage with Rafflee or use its Services.
In addition to the purposes we described above, there are other circumstances in which we are required to process your personal data, as described below:
Apart from the functions set out in this Statement, we do not share your personal data with third parties except where we are compelled or permitted by law to do so. These circumstances are rare but may require us to share information in response to requests from courts, law enforcement agencies, and other public and government authorities, which may include such authorities outside your country of residence.
Whenever we share personal data, and whatever the circumstances, we will always do so legally and with due regard to your privacy. If we receive a request from law enforcement or other statutory bodies, we do not disclose personal data without a warrant, court order or other legally valid proof of authority.
Where necessary to protect or defend our rights and interests, defend against legal claims, resolve disputes, respond to what we consider to be incorrect or misleading information provided to a media outlet, or enforce our agreements, we reserve the right to share personal data with external legal advisors, debt recovery and tracing agencies, and media outlets, although again these circumstances are rare.
We may be required to use and retain personal data in order to protect our rights, information, privacy, safety, or property, or those of other persons in accordance with our legitimate interests, or in some instances, with our legal obligations.
If ownership of all or part of our business changes or we undergo a reorganisation or restructure, we will transfer your personal data to the new owner or successor company so we or they can continue to provide the Services you have requested.
In accordance with our obligations under company law and other similar regulations we are required to keep a record of your transactions in order to maintain proper financial records and ensure all transactions are being performed in accordance with the Terms and Conditions of our Services.
| Purpose | Categories of PD | Legal Basis |
|---|---|---|
| Information/Disclosure Responding to valid requests from courts, law enforcement agencies, regulatory agencies, auditors, and other public and government authorities, or submitting information to regulatory agencies. | Any personal data held, as required to meet the purpose | Legal and regulatory obligations |
| Protecting and defending our rights and interests Responding to incorrect or misleading claims in media outlets or other public fora. | Any personal data held, as required to meet the purpose | - Legitimate interests - Legal and regulatory obligations |
| Information Security and Loss Prevention Protecting our rights, privacy, safety, or property, or those of other persons in accordance with our legitimate interests. | - Registration Information - Transactional Information - Device Information - Correspondence with Customer Operations | - Legitimate interests - Legal and regulatory obligations |
| Restructuring Transferring your personal data to the new owner or successor company so we or they can continue to provide the Services you have requested. | All personal data held | - Legitimate interests |
| Financial Reporting and Analysis Maintaining financial records in accordance with company law. | - Registration Information - Transactional Information | - Legal and regulatory obligations |
This section provides you with some other important information you need to be aware of in relation to how we use your personal data, including information on how we share your personal data with the Flutter Group, international transfers of your personal data, how we keep your personal data secure and how long we need to keep your personal data for. Click any of the topics below for more details.
As explained in the About the Flutter Group section above, Rafflee is part of the wider Flutter Group and sits within the UK&I division.
We have explicitly called out a number of specific situations in this Privacy Statement where the Flutter Group companies may use your information, including where Sky Betting & Gaming, Paddy Power and/or Betfair are providing support to Rafflee as part of the UK&I division’s operations and to other Flutter Group members for marketing purposes, customer services purposes, the prevention of crime and to meet legal and regulatory obligations.
Additionally, we may share personal data with the Flutter Group as part of our group internal reporting and assurance in order to facilitate business efficiency and improvements including, but not limited to, research across our group, testing of systems and/or suppliers, risk management, the provision of technology, finance or security support, and the development of new products and tools.
We may also in the future share personal data with other members of the Flutter Group for purposes that are related to and compatible with those set out in this Statement. Finally, where we are required by law or regulation to share personal data to members of the Flutter Group for reasons beyond those set out in this Statement, we will be required to do this.
Some of the third-party providers we use, as well as companies within the Flutter Group, are based in, or carry out their activities in, countries outside the European Economic Area ('EEA') and/or outside the UK. This includes technology being set up by a Flutter Group company based in India, which will involve the transfer of some data to India.
Countries outside the EEA and UK do not always have strong data protection laws. This means that, unless your personal data is being transferred to a country where the European Commission or UK has determined there to be an adequate level of protection, we have to put in place additional protections to ensure that your personal data is protected to the same level as it is within Europe or the UK.
We put these additional protections in place by using standardised contractual clauses that have been approved by the European Commission (for transfers outside the EEA) and the Information Commissioner's Office (for transfers outside the UK). Where necessary, we also put in place any additional contractual measures required by local law in any of the countries in which we operate. As and when required, we will also put additional technical or organisational measures in place to ensure that your data is kept safe.
We recognise that online security and data protection is an area of vital importance for all our customers, so it is important to us that you have confidence in the security of your personal details before you register an account. We are committed to employing security measures to protect your information from access by unauthorised persons and to prevent accidental or unlawful processing, disclosure, destruction, loss, alteration and damage.
Our technological security solutions are very advanced and are governed by a mature framework. Our approach is focused on preventing risks. In order to help us in this regard, we employ pseudonymisation and encryption whenever possible to reduce the impact of any potential incidents.
As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and the Group will accept no liability for any direct, consequential, incidental, indirect, or punitive losses or damages arising out of such an occurrence.
A key principle of data protection is ‘storage limitation’, which means that organisations should only hold onto your personal data for as long as is needed.
At Rafflee, we have taken steps to ensure that we hold your personal data only as long as we have a valid legal basis or reason to do so, which includes providing you with the Services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements.
The length of time for which we keep different types of personal data can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to anti-money laundering, taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuses of our Services, and audit requirements.
To fulfil our requirements, some of your personal data will need to be retained for a period of time after you cease to be a customer. When we no longer need it to fulfil the purposes and legal bases set out in this Statement, we delete it securely. Subject to us not having a legal or regulatory requirement or a risk management reason for retaining your information for a longer period, your information will not be kept for longer than 7 years from your last login.
This allows us to meet our record-keeping obligations in applicable legislation, as well as allowing us to defend ourselves against potential legal claims.
We will take all necessary steps to ensure that the privacy of information is maintained for the period of retention. Where we wish to retain any information for analysis purposes, we first anonymise it to the standards approved by the UK Information Commissioner’s Office (which, as we are based in the UK, is our lead regulator on matters relating to data protection) so that it can no longer be linked back to an individual.
Under data protection law, you have a number of rights which are detailed below. We want to be clear about what those rights mean in practice and how you can exercise them. Please note that some of these rights only apply in specific circumstances and are qualified in several respects by exemptions in Data Protection legislation.
We will advise you in our response to your request if we are relying on any such exemptions.
For any queries related to your personal data or any of your rights referenced below, please feel free to contact us at: dp@flutteruki.com
You have a right to request a copy of the personal data that we hold about you. Should you wish to make such a request, you should submit a request to dp@flutteruki.com. You will be asked to provide adequate information to identify yourself such as a copy of your photographic identification (ID Card, Driving License or Passport) and any other relevant information such as your account username and email address that will assist us in fulfilling your request.
Where you request a copy of your personal data, you will be provided with:
If there is additional information that you believe we hold on you, please let us know and we will gladly investigate further.
We will fulfil requests wherever possible, but there are occasional situations in which the law requires or permits us to withhold some information (such as where it would involve disclosing information about another person or information which is commercially sensitive). If either of these applies, we will explain this to you.
We will provide our response within one month however if your request is unusually complex and likely to take longer than a month, we will inform you of this and how long the request will take to complete.
You can request us to rectify and correct any personal data that we are processing about you that you believe is incorrect. To make things easier, we provide you with account settings and tools to access the information associated with your account.
You can update your personal details at any time by visiting your ‘My Account’ section online.
If it is something you cannot correct yourself online, such as your name or date of birth (which, for account security and fraud prevention reasons, cannot be changed using self-service methods), you should contact our Customer Operations team or email dp@flutteruki.com.
We’ll update inaccuracies promptly, and within a month if you are requesting a more complex change. If we take the decision not to make a change you have requested, we will explain why and make a note on your account to show that you requested the change. If you disagree with our decision, you have the right to complain to the regulator.
You have the right to request us to erase your personal data where we have no compelling reasons to continue storing or processing your data, and specifically, where one of the following grounds applies:
Please note this right only applies in certain circumstances, it is not a guaranteed or absolute right.
As outlined above, your data will generally be retained for a period of 7 years, and during this time we may not be able to uphold your request.
If you still wish to exercise your right, you should contact dp@flutteruki.com. We will respond within one month and explain our decision.
You have the right in certain circumstances to request that we suspend our processing of your personal data, where one of the following grounds applies:
Where we suspend our processing of your personal data, we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
Where you have obtained the restriction of processing you will be informed by us before the restriction of processing is lifted.
In order to make a request for the restriction of your processing, please contact us on dp@flutteruki.com. You will receive a response within one month.
The right of portability allows you to re-use some of your personal data online by making it available in a commonly-used, machine-readable format that can be passed to and used by other organisations. This right applies to data that you have provided to us with your consent, or which was necessary for us to provide you with our products and Services.
You may also have the right to have your personal data transferred by us directly to the other organisation if this is technically feasible.
If you wish to exercise this right, you should submit your request to dp@flutteruki.com. Alternatively, please contact our Customer Operations team by selecting the 'Contact Us' button at the bottom of this article and following the instructions.
We will provide you with the following information as a CSV file:
Before responding to your request, we will ask you to provide valid proof of identity, and we will provide our response within one month of receiving it.
In future, it may become possible to transfer (or ‘port’) data directly between organisations. In the meanwhile, if you would like to take your Rafflee data to another provider you should first check that your chosen provider is able to upload data from a CSV file before making your request as above and passing the file to the provider yourself.
You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or where we need to process your personal data in connection with any legal claims.
To exercise your right to object please contact us on dp@flutteruki.com.
We will respond to you within one month. If we refuse to uphold your request and you disagree with our decision on this, you have the right to complain to the regulator.
You also have the right to opt-out of having your information used to create a ‘profile’ of you for marketing purposes. You may exercise this right by opting out via your ‘My Account’.
You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or has a similarly significant affect on you.
This right does not apply where you have provided your explicit consent for us to use your data in this way, where the decisions are needed to enter or perform a contract with us (for example, the terms and conditions of our Services), or where the decision is needed to meet our legal or regulatory obligations.
Where the decisions are made based on your explicit consent, or they are needed to enter or perform a contract with us, you have the right to request human involvement in the decision, to express your point of view or to contest the decision made.
If you have any concerns in relation to automated processing that we may perform you can contact us at any time.
If you believe your data protection or privacy rights have been infringed, or you disagree with a decision we have made about your data protection or privacy rights, you have the right to complain to the data protection regulator.
If you are based in the UK, you should contact the Information Commissioner’s Office. For your convenience, we have provided their contact details below:
In the UK, ICO https://ico.org.uk/
-17640759200799.webp?v=1764075920)