PRIVACY POLICY
Last updated: 11 July 2025
This policy governs the handling of personal information, covering collection, use, retention, and disclosure under applicable privacy laws. It includes user rights, security safeguards, cookie and tracking practices, data retention timelines, minor protections, consent withdrawal, breach notification, and procedures for submitting privacy inquiries and data access or correction requests.
POLICY STATEMENT
Your personal information is important to us, and we are committed to handling it with the highest standards of security and confidentiality. This Privacy Policy ("Policy") sets out the legally binding terms under which personal information is collected, used, disclosed, retained, and safeguarded by the OZsweepstakes platform (the "Platform", "we", "us", or "our"), accessible at https://ozsweepstakes.com.
The Platform is operated by Gaineroo Pty Ltd (ACN 638 202 114), a company registered in Australia with its office at Tower One Barangaroo, Level 35, 100 Barangaroo Avenue, Sydney NSW 2000. Gaineroo Pty Ltd is licensed and regulated by the Northern Territory Government of Australia under Internet Gaming Licence IGL1011, issued 25/01/2022.
We may process personal information when you:
- Visit the Platform or any other site we operate that links to this notice;
- Use our services to access lottery courier offerings, enabling the purchase of official lottery tickets from authorised providers;
- Engage with us in other ways, including through customer support, marketing, or events.
This Policy is governed by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable laws, including the Spam Act 2003 (Cth), the Competition and Consumer Act 2010 (Cth), and licensing obligations applying to authorised operators in the Northern Territory. It also reflects compliance with advertising and data collection standards imposed by Google, Microsoft, Meta, and other third-party platforms.
We are committed to protecting your personal information and maintaining strict privacy standards. Our systems, policies, and procedures are designed to comply with Australian privacy law.
If you have any questions about this Privacy Policy, or wish to exercise your legal rights, you may contact us by email at support@ozsweepstakes.com, or by post to Gaineroo Pty Ltd, Tower One Barangaroo, Level 35, 100 Barangaroo Avenue, Sydney NSW 2000, Australia.
The Services are intended only for individuals aged 18 years or older who are residents of Australia. Persons under 18, or those located outside Australia, are not permitted to use or register for the Services.
By using the Platform, you agree to this Privacy Policy, our Terms of Service, and our Cookies Policy, and you acknowledge that you have read, understood, and consented to the collection, use, storage, and disclosure of your personal information in accordance with these terms.
TABLE OF CONTENTS
- INFORMATION WE COLLECT AND STORE
- USE AND PURPOSE OF YOUR INFORMATION
- DISCLOSURE OF COLLECTED INFORMATION
- USE OF COOKIES AND TRACKING TOOLS
- RETENTION PERIOD FOR INFORMATION
- INFORMATION SECURITY MEASURES
- COLLECTION OF DATA FROM MINORS
- YOUR DATA RIGHTS AND CHOICES
- DO-NOT-TRACK SETTINGS AND CONTROLS
- CHANGES TO THIS PRIVACY POLICY
- CONTACT INFORMATION AND ENQUIRIES
- ACCESS, UPDATE OR DELETE DATA
1. INFORMATION WE COLLECT AND STORE
We collect and process personal information from you directly and automatically when you interact with our services. The categories of information we collect are necessary for the provision of our services, security, and legal compliance. All personal information collected is processed in accordance with the terms of this Policy and applicable laws. You are responsible for ensuring that the personal information you provide to us is true, complete, and accurate, and you must notify us of any changes to such information.
1.1 Personal information you disclose to us
You voluntarily provide us with personal information when you register on the Services, express an interest in our products and Services, participate in activities on the Services, or otherwise when you contact us.
(a) Personal Information Provided by You
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- names
- email addresses
- usernames
- passwords
- contact or authentication data
- phone numbers
- mailing addresses
- contact preferences
- billing addresses
- date of birth
(b) Sensitive Information
We do not process sensitive personal information. Unless you provide this information to us yourselves, we do not request, nor do we collect, any sensitive information about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We also do not collect any information about criminal convictions and offences.
(c) Payment Data
We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. Credit and debit card details are not stored on our servers but are encrypted by the processing bank.
1.2 Information automatically collected
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
The information we collect includes:
(a) Log and Usage Data
Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
(b) Device Data
We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
(c) Location Data
We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
1.3 Google API
We utilize Google's reCAPTCHA service to protect our contact and submission forms from spam and abuse. This service may collect personal information, such as your IP address, to determine if you are a human user. The information collected by reCAPTCHA is processed in accordance with Google's Privacy Policy. Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
2. USE AND PURPOSE OF YOUR INFORMATION
We process your personal information for specific and legitimate purposes as outlined in this Policy. These purposes include the following:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user: We may process your information to provide you with the requested service and to fulfill the core functions of the Platform.
- To respond to user inquiries/offer support to users: We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you: We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To fulfil and manage your orders: We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the Services.
- To protect our Services: We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
- To evaluate and improve our Services and user experience: We may process your information when we believe it is necessary to identify usage trends and to evaluate and improve our Services, products, and your experience.
- To comply with our legal obligations: We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
All processing of personal information is conducted in accordance with the Australian Privacy Principles and applicable data protection requirements, and is subject to internal controls designed to ensure data minimisation, accuracy, and purpose limitation. Personal information is not used for purposes unrelated to its original collection unless authorised by law or valid consent.
3. DISCLOSURE OF COLLECTED INFORMATION
We may disclose personal information to third parties strictly as required for the lawful operation of the Website, performance of contractual obligations, compliance with legal duties, or in accordance with your express instructions.
Disclosure may occur to the following categories of recipients:
(a) identity verification providers, credit reference agencies, or age verification services engaged to confirm user eligibility and regulatory compliance;
(b) licensed payment processors, financial intermediaries, and reconciliation providers for the purpose of executing and confirming lawful transactions and withdrawals;
(c) infrastructure hosting providers, cloud storage operators, and technical service vendors contracted to provide secure and scalable platform support;
(d) analytics and advertising platform providers (including Google, Microsoft, Meta, and affiliate networks) for the purpose of campaign attribution, remarketing, conversion tracking, and compliance with advertising policies, subject to consent and applicable opt-out mechanisms;
(e) regulatory authorities, law enforcement agencies, or governmental departments where required by warrant, subpoena, notice, or statutory reporting obligation;
(f) auditors, legal counsel, compliance consultants, or dispute resolution bodies engaged to assist in the investigation or resolution of regulatory, legal, or contractual matters;
(g) parties to any actual or proposed merger, acquisition, restructure, financing, or sale of assets, to the extent necessary to facilitate due diligence or operational succession.
All third-party recipients of personal information are bound by legally enforceable obligations of confidentiality, data protection, and purpose limitation. Personal information may not be used by third parties for any independent or unauthorised purpose.
We do not sell, rent, trade, or otherwise commercialise personal information to third parties for unrelated direct marketing or profiling purposes. We may need to share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Where personal information is transferred outside Australia, we ensure that the overseas recipient is subject to equivalent privacy obligations, or that the transfer is otherwise permitted under the Privacy Act 1988 (Cth). Where required, we will obtain your express consent before any such international transfer occurs.
4. USE OF COOKIES AND TRACKING TOOLS
The Website uses cookies and equivalent tracking technologies to facilitate secure account access, optimise performance, assess user engagement, and support lawful advertising and promotional campaigns.
Cookies are data files stored on your device that allow us to identify sessions, remember preferences, and deliver relevant content. Cookies may be classified as either strictly necessary (essential for functionality) or non-essential (used for performance, analytics, or marketing).
To enable the working of certain functions during your visit to our Services, we make use of cookies on various pages. We use two types of cookies:
- 'session cookies' which are stored temporarily during a Browse session in order to allow normal use of the system and are deleted from your device when the browser is closed;
- 'persistent cookies' which are read only by our Services, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in.
We deploy tracking technologies only in accordance with the Australian Privacy Principles, the Spam Act 2003 (Cth), and the consent and data use requirements of Google Ads, Microsoft Ads, Meta, and related third-party platforms. No non-essential cookies will be placed until you have provided affirmative consent through our cookie consent interface.
We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.
The following technologies are used on the Website:
| Tool | Purpose | Privacy Policy Link |
|---|---|---|
| Google Analytics | Visitor behaviour analysis, session statistics | https://policies.google.com/privacy |
| Meta Pixel (Facebook) | Conversion tracking, ad attribution, remarketing | https://www.facebook.com/policies/cookies |
| Microsoft Clarity | User session recording, heatmap analysis | https://privacy.microsoft.com/privacystatement |
| Google reCAPTCHA | Spam protection, bot detection | https://policies.google.com/privacy |
For detailed information about our cookie practices, please refer to our Cookies Policy.
5. RETENTION PERIOD FOR INFORMATION
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Personal information may be retained for extended periods where required by:
(a) anti-money laundering (AML) and counter-terrorism financing (CTF) legislation;
(b) taxation and financial reporting obligations;
(c) regulatory licence conditions imposed under the Northern Territory gambling regime;
(d) statutory limitation periods relevant to contractual enforcement or legal claims;
(e) documentation and recordkeeping obligations imposed by applicable authorities.
Upon account closure or termination, personal information will be retained only to the extent required for legal compliance, evidentiary integrity, or security monitoring. Once such retention is no longer required, the data will be securely deleted or irreversibly anonymised.
Backup data may be retained in encrypted storage environments for disaster recovery and compliance continuity. Access to archived data is strictly restricted and monitored.
6. INFORMATION SECURITY MEASURES
We have implemented and maintain appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process.
These security measures include:
- Encryption of data in transit using Transport Layer Security (TLS) protocols;
- Hosting infrastructure with segmented access zones, firewall protection, and secure authentication;
- Multi-factor authentication (MFA) and role-based access controls for administrative systems;
- Regular vulnerability assessments, penetration testing, and external security reviews;
- Continuous monitoring for suspicious activity, anomalies, or unauthorised attempts to access platform assets;
- Separation of user data from internal operations and third-party systems under a strict least-access policy.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be completely secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment and are responsible for maintaining the confidentiality of your login credentials. You must notify us immediately of any suspected unauthorised access to your account.
In the event of a data breach affecting personal information, we will take all steps required under the Notifiable Data Breaches scheme established by the Privacy Act 1988 (Cth), including mandatory notification to affected individuals and the Office of the Australian Information Commissioner (OAIC), where applicable.
7. COLLECTION OF DATA FROM MINORS
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. Access to the Website and participation in any services offered by OZsweepstakes is strictly limited to individuals who are eighteen (18) years of age or older. This restriction is imposed to ensure compliance with applicable gambling legislation, age-based eligibility requirements, and responsible gaming obligations under Northern Territory licensing conditions.
We implement identity and age verification procedures during account creation and at any time deemed necessary for ongoing compliance. If a user is identified or reasonably suspected to be under the age of 18:
(a) the user account will be immediately suspended or permanently terminated;
(b) all personal information associated with the account will be erased or anonymised;
(c) we may notify relevant regulatory or law enforcement authorities, as required by law.
If we learn that personal information from users under 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of a minor using the Website or submitting personal information through any channel, you must immediately notify us at support@ozsweepstakes.com.
8. YOUR DATA RIGHTS AND CHOICES
You are entitled to certain rights regarding your personal information. These rights are fundamental to the protection of your personal data. We acknowledge these rights and are bound by legal duty to assist you in their exercise.
8.1 Your Privacy Rights
As an individual whose personal information is collected and processed by us, you may, subject to verification and legal limitations, exercise the following rights under the Privacy Act 1988 (Cth):
(a) Right of Access. You may request confirmation of whether we hold personal information about you and obtain a copy of such information.
(b) Right of Correction. You may request correction of any personal information that is inaccurate, incomplete, or outdated.
(c) Right of Erasure. You may request deletion of your personal information where it is no longer required for any lawful purpose and no legal or regulatory obligation prevents erasure.
(d) Right to Object. You may object to the use of your personal information for direct marketing or analytical profiling purposes.
(e) Right to Restrict Processing. You may request that we temporarily suspend processing of your information under certain conditions.
(f) Right to Withdraw Consent. Where processing is based on your prior consent (e.g., for marketing or non-essential cookies), you may withdraw such consent at any time.
(g) Right to Data Portability. Where technically feasible, you may request a copy of your personal information in a structured, machine-readable format.
8.2 How to Exercise Your Rights
The easiest way to review or change the information in your account or terminate your account is to:
- Log in to your account settings and update your user account; or
- Contact us via the support form provided in your account.
We may require you to verify your identity before acting on any request to protect the security and integrity of your personal information. All requests must be submitted in writing.
8.3 Our Response to Your Request
We will respond to all valid requests within thirty (30) calendar days unless an extension is legally permitted.
We may decline a request where:
- the information is required to comply with a legal obligation;
- the request is manifestly unfounded, repetitive, or excessive;
- disclosure would impact the privacy of others or breach applicable laws;
- the information must be retained for anti-money laundering (AML), counter-terrorism financing (CTF), licensing, taxation, or dispute resolution purposes.
If you are dissatisfied with our response, you may lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) via https://www.oaic.gov.au.
9. DO-NOT-TRACK SETTINGS AND CONTROLS
Some web browsers and mobile applications allow users to transmit a "Do Not Track" (DNT) signal to indicate a preference to disable cross-site tracking.
At present, no legally binding or industry-wide standard for recognising DNT signals exists. Accordingly, the Services do not respond to DNT signals at this time. We remain committed to updating our DNT recognition policy to comply with any new legal standards, guidance from the OAIC, or platform policies. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
Users may exercise control over tracking through the following measures:
- Adjusting consent preferences using our on-site cookie banner;
- Using browser controls to block, restrict, or delete cookies and tracking technologies;
- Employing opt-out mechanisms made available by advertising platforms (e.g., Google Ads Settings, Microsoft Advertising Opt-Out).
Refusing tracking cookies will not affect your ability to access the Services, but may limit the functionality or relevance of certain features.
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
11. CONTACT INFORMATION AND ENQUIRIES
If you have any questions or comments about this Privacy Policy, or wish to submit a privacy-related enquiry, complaint, or data access request, you may do so in writing by email or post using the contact details below:
Postal Address:
Gaineroo Pty Ltd
Tower One Barangaroo, Level 35
100 Barangaroo Avenue
Sydney NSW 2000
Australia
Email:
support@ozsweepstakes.com
All valid requests will be handled in accordance with our obligations under the Privacy Act 1988 (Cth). We aim to respond within thirty (30) calendar days, or within any extended timeframe permitted by law.
We may not be able to act on a request where:
- compliance would breach an Australian law, regulation, or court order;
- the request is clearly unfounded, repetitive, or excessive;
- the deletion of information would conflict with gambling licence conditions, AML/CTF obligations, or taxation requirements; or
- the information is required for compliance, evidentiary, or operational purposes.
We are committed to handling all enquiries with care, in compliance with our legal obligations, and with full regard for the protection of your privacy.
12. ACCESS, UPDATE OR DELETE DATA
You have the right to request access to the personal information we collect from you, correct any inaccuracies, or delete your personal information. These rights may be limited in some circumstances by law. To submit a data subject access request to review, update, or delete your personal information, please send a written request to support@ozsweepstakes.com. We may request identity verification before processing your request.