Privacy Notice

Last Updated: October 2023

1. Introduction and Scope

At GoAU Play ("we", "us", "our"), we are deeply committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, process, and safeguard your information when you access our platform, use our services, or interact with us. This policy is designed to comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), as well as aligning with robust global standards such as the GDPR where applicable to our operational frameworks.

By using the GoAU Play platform, you acknowledge that you have read and understood the practices described in this Privacy Notice. If you do not agree with these practices, you must cease using our services immediately.

2. Information We Collect

We only collect personal information that is reasonably necessary for our business functions and activities. The types of data we collect include:

  • Identity Data: First name, last name, date of birth, and photographic identification documents required for mandatory age verification and Anti-Money Laundering (AML) compliance.
  • Contact Data: Email address, billing address, residential address, and telephone numbers.
  • Financial Data: Bank account details, payment card details (which are tokenized and processed by secure third-party gateways; we do not store full card numbers on our servers), and transaction history on our platform.
  • Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this platform.
  • Usage Data: Information about how you use our platform, products, and services, including ticket purchase history, draw selections, and interaction logs.

3. How We Use Your Data

We process your personal data under strict operational guidelines, primarily to fulfill our contractual obligations to you and to comply with legal mandates. We use your data to:

  • Register you as a new user and create your secure account.
  • Process and deliver your selected lottery entries, syndicates, and manage payments, fees, and charges.
  • Verify your identity, age, and geographical location to ensure compliance with Australian law and platform eligibility criteria.
  • Manage our relationship with you, including notifying you about changes to our terms or privacy policy, and providing customer support.
  • Administer and protect our business and platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
  • Prevent, detect, and investigate fraudulent activities, money laundering, or other illegal conduct.

4. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with strictly vetted third parties only when necessary to operate our service. These include:

  • Service Providers: IT and system administration services, payment gateways, and identity verification agencies necessary to process transactions and verify KYC documentation.
  • Professional Advisers: Lawyers, bankers, auditors, and insurers based in Australia who provide consultancy, banking, legal, insurance, and accounting services.
  • Regulators and Authorities: Government bodies and law enforcement agencies where required by law, such as reporting suspicious transactions under AML/CTF regulations.

All third parties are contractually bound to respect the security of your personal data and to treat it in accordance with the law. They are only permitted to process your personal data for specified purposes and in accordance with our strict instructions.

5. Data Security Protocols

We have implemented robust, bank-grade security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. This includes end-to-end TLS encryption for all data in transit, and AES-256 encryption for sensitive data at rest.

Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a strict business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. Your Data Rights

Under Australian Privacy Law, you have rights in relation to your personal data. You have the right to:

  • Request Access: Obtain a copy of the personal data we hold about you.
  • Request Correction: Have any incomplete or inaccurate data we hold about you corrected.
  • Request Erasure: Ask us to delete or remove personal data where there is no good reason for us continuing to process it, subject to our legal data retention obligations (such as financial auditing and AML rules).
  • Withdraw Consent: Where we are relying on consent to process your personal data, you may withdraw it at any time.

To exercise any of these rights, please contact our Data Protection Officer using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

7. Contact our Data Privacy Officer

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Privacy Officer (DPO) via the following methods:

Email: privacy@goauplaylotto.com
Postal Address: Data Protection Officer, GoAU Play Pty Ltd, Level 14, 333 George St, Sydney NSW 2000, Australia.

If you are not satisfied with our response, you have the right to make a complaint at any time to the Office of the Australian Information Commissioner (OAIC).