Our Privacy Promise
We will always tell you what data we’re collecting about you and how we use it. We only share your data with trusted partners and will never sell your data.
We are committed to following industry best practices to ensure your data is stored safely and securely. We protect the confidentiality, accuracy and availability of the information we collect about you.
Information we collect about you
Technical information about your device or browser when you use the website, including , your internet protocol (IP) address, device ID, browser type and version and time zone setting, which may in some circumstances be personal data.
How and why we use your personal data
In the table below, we set out how and why we use your personal data.
|How we use your personal data||Why we use your personal data|
|Technical information||We use technical information about your visit to the website, including about your device, to optimise our service to users.||Necessary for our legitimate interests (to understand the technical usage of our website to ensure it is optimised for its users).|
|Analytics||We use information about your use of the website to optimise our service and to improve our website.||Based on your consent via the acceptance of analytic cookies.|
|Geolocation data||We use information about where you are accessing the website from in order to show relevant volunteering opportunities||Based on your consent|
How we share your data with third parties
We may share the personal data we collect from you with the following third parties:
- Our partners in the Miss Out to Help Out initiative – ITV, STV, National Lotteries Communities Fund and the website developer
How we protect your personal data
We have put various measures in place to protect your personal data:
- We are independently certified to a number of industry recognised standards, including ISO27001 which helps us maintain the highest levels of security across our entire business.
- Our website and app are regularly audited by an independent auditor to ensure we maintain our security accreditations.
- As described above, we may in some instances disclose your personal data to third parties. Where we do, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, and have limited control over how it is protected by that party.
Your personal data may be processed outside the European Economic Area (EEA) - including by staff operating outside the EEA who work for us or for one of our third parties mentioned. Where your personal data is transferred outside of the EEA, we require that appropriate safeguards are in place. To find out more about the appropriate safeguards that we have in place, please contact firstname.lastname@example.org
How long we keep your personal data
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the end of that retention period, your data will either be deleted, or anonymised (so that it can no longer be associated with you) and used for research or statistical purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.
You have the right:
- to ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;
- to request from us access to personal information held about you;
- to ask that we stop any consent-based processing of your personal data after you withdraw that consent;
- to ask, in certain circumstances, to delete the personal data we hold about you; and
- to ask, in certain circumstances, for the processing of that information to be restricted.
By post to:
Data Protection Officer
Camelot UK Lotteries Limited
By email to:
To enable us to verify your identity and process your request, you must include all of the following information and documentation with your request:
- your full name;
- a description of the data that you are requesting, including a date range;
- a copy of your current and valid photo ID (e.g. passport photo page);
- proof of your address in the form of a photocopy of a utilities or service provider bill; and
- the date of the request.
For any other requests, we may contact you to verify your identity on the phone.
If you are unhappy with our processing of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/. We would, however, appreciate the chance to deal with any concerns before you approach the ICO, so please contact the Data Protection Officer by email in the first instance.