Privacy Policy

Introduction

The Proprietor and Owner of POTBUX is POTBUX LTD (“POTBUX”, “we”, “our” or “us”). These privacy terms relate to your use of all websites, applications and services offered by Us, Our trading companies (“subsidiaries”) and brands.

The POTBUX LTD registered, London, England.

We want all our clients and participants in services offered (“you”) to know that we value your privacy and personal data just as much as you do. We apply the highest standards to ensure your personal data is secure, and we always comply with applicable data protection laws.

In this privacy policy (the “Policy”) we not only want to advise you of your rights, but also explain how we respect them. Any personal data you provide to us directly or by way of acquiring services from our subsidiaries, trading brands or sister companies, jointly or separately will be processed only in accordance with this Policy. This Policy and Our collection, processing, use or disclosure of personal data shall be governed by and construed in accordance with English law.

Personal data is any information relating to you from which:

You can be identified from the information in question; or
You can be indirectly identified from that information in combination with other information.

Sensitive Data includes information concerning:

Racial or ethnic origin
Political opinions
Religious and philosophical beliefs
Trade union membership
Genetic data
Biometric data
Data concerning health
Sex life and sexual orientation

The only sensitive type of data we may process about you is that obtain and informed of via our subsidiaries, which for example, is Biometric data for the purpose of uniquely identifying you during registration / onboarding processes relating to our services.

Cookies

Our website requires the use of files containing small amounts of data that exchange between your computer’s browser and our web server. They are known as “cookies” and are used for a number of functions such as remembering who you are and your choices, either for that session or for when you return to our website. Some cookies are required for our website to work but only last as long as your visit. As a result, you cannot opt out of those. All of the other cookies we like to use you can control, though some functionality may be limited by your choice. You can change your cookie preferences at any time.

Categories of personal data

The table below sets out the categories of data we may use, what they can include, and the period for which we retain that data (from the date of the last relevant activity). Some sections may include categories from another section, particularly your contacts details and identifiers. Any information received from our subsidiaries, sister companies or trading brands is processed strictly in accordance with the purposes as defined within this and the relevant independent Privacy Policies.

Category	Why is this data collected or shared by our subsidiaries?	Data Included	Retention Period
Client personal and contact information	To be able to make available, communicate to you and fulfil our services requested, directly from Us. To communicate with you about your experiences with Us. To ensure best working practices are being followed by us or any of our subsidiaries by way of quality control mechanisms and or legal / regulatory auditing.	Name; date of birth; identity documentation (image); gender; nationality; biometric data; address; email contact; telephone contact; visits; interactions with us (including emails and phone calls).	6 years.
Mailing List (Ad-hoc information)	To arrange or provide services tailored to your requirements. To communicate in a relevant way.	Name, postal address, email address, telephone number, age, gender, occupation, email contact; telephone contact; lifestyle and social circumstances; preferences.	6 years.
Current and Historic Information	To arrange or provide services tailored to your requirements. For purposes of accounting, reporting, analysis and, as may be required, lawful or regulatory disclosures. To communicate in a relevant way.	Service data, visits, transactions, complaints and disputes, financial transactions, behaviors, and geographical locations.	6 years.
Finance and Payment Information	To be able to process your payments. To meet any auditing, lawful or regulatory requirement.	Name; date of birth; identity documentation (passport / visa); gender; nationality; biometric data; residential address; concessions; invoices; applications; financial transaction history; bank account details; bank card details; debt information; payment services, winnings, applications, cheques awaiting clearance, affordability history; 3rd party affordability referencing data; 3rd party adverse media referencing data, information from 3rd party debt collection and tracing agencies, and other authorized agents, data from regulatory or government authorities, lifestyle and social circumstances, occupation, employment and educational history, payment services and other details of products and services you have purchased from us.	7 years.
Marketing	To make you aware of new products, services, and promotions including those of our partners and subsidiaries from time to time which we feel would be useful to you. (All Marketing preferences are based on you opting in and may be managed at any time)	Name, residential address, date of birth, nationality, biometric data, email contact, telephone contact, travel and geographic movement information, preferences, interactions with us (including emails and phone calls), behaviors, complaints, and issues.	2 years or deletion on request.
Complaints & Issues	To assist you in relation to any arrangements and to handle complaints. Complaints and evidence of unlawful activities.	Complaints and issues.	6 years.
Audio Recordings	Staff Development, identifying errors and to enable the effective resolution of complaints and issues. Telephone audio recordings.	Telephone audio recordings.	6 years.

These are the maximum retention periods but where it is appropriate, we may apply lesser retention periods.

Data we may process under a legal obligation

Basis: Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Type of Data: Client Personal and Contact Information, Current and Historic Information; Mailing List; Finance and Payment Information, Complaints & Issues and Audio Recordings.

When Data is Processed: We may collect and process this personal data in the following circumstances:

When you apply for services or when you update your personal details or ID documents with us.
When we verify your identity and personal details, or when we conduct security, due diligence, dispute resolutions and/or compliance and auditing checks.

Your Rights: As we are under a legal duty to process this data you some of your rights (see below) may not apply.

Data we may process under our contract with you

Basis: When you become a participant of our services, you enter into a contract with us directly or via one of our subsidiaries indirectly. This contract includes either our or the subsidiaries terms and conditions and you have to agree to the respective privacy policy. We would only use your personal data to provide our services to you; including to maintain our accounts and records and to provide customer services.

Type of Data: Client Personal and Contact Information, Current and Historic Information; Mailing List; Finance and Payment Information, Complaints & Issues and Audio Recordings.

When Data is Processed: We may collect and process this data:

When you apply for services or when you update your personal details or ID documents with us.
When we verify your identity and personal details, or when we conduct lawful and or regulatory checks (including checks with 3rd parties).
When you contact us, request services, report a problem, or wish to make a complaint.

Your Rights: While you may request that your personal data be removed from our live systems (which will also suspend or terminate your account) we may nonetheless retain a separate secure copy in order to deal with any complaints or contractual issues.

Data we may process with your specific consent

Basis: Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a basis for doing so in law. You also have the right to object to our using your personal data for specific purposes. In each case, please contact us (see section 14).

Type of Data: Marketing.

When Data is Processed: We may collect and process this data:

If you give us your express permission when applying for services or if you subsequently update your marketing preferences.

Your Rights: You are entitled to qualify, vary or withdraw your consent in relation to marketing whenever you want to. You can do so either via your online account details or by contacting us directly.

Data we may process for a legitimate interest

Basis: "Legitimate interest" means our interest in conducting and managing our businesses to enhance our services and experiences for our clients, users and contacts. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Type of Data: Client Personal and Contact Information, Current and Historic Information; Mailing List; Finance and Payment Information, Complaints & Issues and Audio Recordings.

The legitimate interests that we pursue include:

It is in our legitimate interests to provide our clients with a fast and professional service. We do so in a manner that is consistent with applicable regulations and standards.
Developing and improving our services and keeping in touch with our clients and potential clients, is a key part of our business relationship development. We also have an interest in identifying and developing new opportunities and suppliers for our services.
Understanding and maintaining the awareness of the various industries that we operate in: this includes the various developments in these industries and the opportunities that they present to us.
Some of the ways that we use personal data are justified if they are necessary to protect our systems and data.
Reorganising our business operations and corporate structure.
Fraud prevention.
Disclosure to appropriate authorities of potentially criminal acts or security threats.
Engaging personnel/suppliers/subcontractors
Ensuring we operate suitable and appropriate IT systems and website content.

We may also use your personal information in the following situations, which are likely to be rare:

Where we need to protect your interests (or someone else’s interests).
Where it is needed in the public interest.

Your Rights: Whilst you are entitled to correct incorrect personal data, if you do not agree to this processing then this may result in your services being terminated.

Where your personal data may be stored

The information that you provide to us will be held in our systems, which are located on our or our subsidiaries registered premises or those of an appointed third party. We are based in the United Kingdom and your information will be accessed and used here and elsewhere in the European Economic Area (EEA) where we enable the provision of the contracted services.

While countries within the EEA all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection of your personal data. In each case, your data may, for purposes described in this notice or otherwise approved by you, be transferred to, processed by and stored by persons operating outside of the EEA and the third party may require access to all or some of your data. For example:

Other POTBUX trading companies based outside the EEA may need to use data in accordance with this notice;
Our staff, suppliers or agents located outside of the EEA may need to access and process personal data to fulfill requested and or contracted services or provide other support services;
We may use cloud-based technology hosted outside of the EEA to host some of our applications;
We may use service providers based outside of the EEA to help us support some of our information technology infrastructure and these service providers may need to access your personal data in order to provide and support that infrastructure.

When we send personal data outside of the EEA we take steps to put in place appropriate safeguards to protect the information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed in accordance with applicable data protection laws. We protect your personal data, for example, by:

Transferring to a jurisdiction which the European Commission recognizes as providing adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data;
Where possible, putting in place standard contractual clauses (SCC's) in accordance with European Commission decisions on transferring personal data;
Requiring all POTBUX trading companies to be subject to group data protection policies, designed to protect data in accordance with UK data protection law;
Ensuring access controls which limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know; and
Ensuring they will only process your personal information on our instructions, for the reasons we specify.

We may also from time to time rely on one or more of the 'derogations' available in applicable data protection laws, for example:

The transfer is necessary for the establishment, exercise or defense of legal claims; or
We have the individual’s explicit consent; or
The transfer is necessary for the conclusion or performance of a contract in the interest of the individual concerned, and we are party to that contract;
The transfer is necessary in order to perform a contract between us and the individual concerned, or the implementation of pre-contractual measures taken at the individual’s request.

We may also be compelled by law to disclose your personal data to a third party and will have limited control over how it is protected by that party in such circumstances.

Access to your personal data

When you ask to see a copy of your personal data as permitted under data protection laws we will supply you with all the personal data to which you are entitled, promptly and normally no later than one month after the receipt of your data subject access request. In rare cases, where the requests are complex or contain multiple requests, the period of compliance may be extended by a further two months, but we will write to you and explain why any extension is required within one month of your request.

We will want to ensure that we have properly identified anyone making a data subject access request and may therefore ask to see additional identification. Any access request is normally free, although in some cases we may charge a reasonable fee based purely on our administrative costs when a request is clearly unfounded, is made excessively, or is made repetitively.

You may also have the right to Data Portability which allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to exercise this right, we will transmit such data to you in a machine-readable code where it is technically feasible to do so.

How long do we keep your personal data?

Generally, we comply with the retention periods specified above although there may be exceptions, such as where there is an ongoing legal enquiry. Your personal data may also be subject to increasing internal restrictions on accessing. For example, personal data may be removed from front office functions and only accessible by senior management with specific reasons.

Who do we disclose your personal data to?

In accordance with this Privacy Policy and for specific purposes, we may share some of your information with the following categories of third parties:

Any trading company within POTBUX LTD, our subsidiaries, our trading brands and our authorised partners, and their respective subsidiaries and or trading brands for the purposes set out in this notice (for example, information and customer relationship management; software and service compatibility and improvements; and to provide you with any information, applications or services that you have requested or may be interested in subject to your requests);
Authorized representatives or agents acting on our behalf with respect to the promotion of our services in particular territories;
Suppliers where necessary, in performance of services which you have contracted, with or through us (which may include sharing data in order to perform and process payments associated with the performance of such services);
Any trading company within POTBUX LTD, our subsidiaries, our trading brands and our authorised partners, and their respective subsidiaries and or trading brands for the purposes set out in this notice (for example, information and customer relationship management; software and service compatibility and improvements; and to provide you with any information, applications or services that you have requested or may be interested in subject to your requests);
Authorized representatives or agents acting on our behalf with respect to the promotion of our services in particular territories;
Suppliers where necessary, in performance of services which you have contracted, with or through us (which may include sharing data in order to perform and process payments associated with the performance of such services);
Information technology companies undertaking services for us in connection with maintenance, support, development or enhancement of our websites or our other information technology platforms and infrastructure;
Third parties that we engage to perform market surveys/client feedback surveys, subject to your selected preferences;
Third parties which we engage to securely host communication services (emails and SMS) and act as suppliers to distribute our notifications and other marketing communications on our behalf, both where you have requested information and where we believe that information will be of interest to you;
Companies used to facilitate payment transactions arising from engagement of our services;
Fraud prevention agencies;
Recruitment agencies or website recruitment platforms in the context of employment;
Law enforcement agencies, regulators or other applicable third parties, where necessary to enable us to comply with our regulatory and legal obligations (including statutory or regulatory reporting or the detection or prevention of unlawful acts), or where necessary to assist them in the conduct of their investigations;
Authorized third parties engaged to support us in the deliverance of services;
Our clients (if you are a supplier), in the course of performing any engagement for services;
Relevant third parties in the context of actual or potential legal proceedings (for example, in response to a court order and the enforcement of the terms of a contract);
Our own professional advisors and auditors for the purpose of seeking professional advice or to meet our legal, regulatory and auditing responsibilities;
Another organization if we sell or buy (or negotiate to sell or buy) any of our companies, business or assets;

We may compile statistics about the use of our websites including data on traffic, usage patterns, user numbers, and other information. All such data will be anonymised and will not include any data which can be used to identify you either by itself or when combined with other data. We may share non-personally identifiable information about the use of our website, applications, products, or services publicly or with third parties, but this will not include information that can be used to identify you.

We do not sell personal data to third parties for marketing purposes.

Your Rights: You have the right to object to this and to correct any incorrect data. Services may be conditional on allowing us to share this personal data.

Changes to this policy

From time to time we will need to update, change or supplement this Policy, including by altering the types of personal data that may be collected, processed or shared. If this happens, we will update this Policy on our website, in our literature, and we will make contact (normally by email) to inform you of any updates to this Policy before such changes come into effect. If you do not agree to these changes then you will have to inform us.

Your rights

You have the following rights:

The right to be informed: This privacy policy is intended to meet our obligation to provide “fair processing information”.
The right of access: You have the right at any time to ask to see a copy of the personal data we hold about you.
The right to withdraw consent: Where you have given your consent to our processing you may withdraw this at any time.
The right to rectification and data quality: If your personal data is incorrect or incomplete then you may ask us to remedy that.
The right to erasure including retention and disposal: You may ask us to delete or remove your personal data where there is no compelling reason for its continued processing, but this may affect any services we provide to you which relies on that personal data.
The right to restrict processing: Where you have highlighted an issue with the data.
The right to data portability: This allows you to request that your personal data be shared with other processors at your request.
The right to object: Where you have an objection to our processing you may do so.

You may also have the right to lodge a complaint with the Information Commissioner’s Office if you believe we are in breach of our legal obligations under data protection laws.

PLAY POTBUX RESPONSIBLY

Welcome to POTBUX, the premier raffle platform offering both paid and free entry options for the chance to win incredible prizes. Our platform is designed to provide a fun and social experience for all users, while maintaining a strong culture of care and social responsibility.

Although raffle sites are not regulated by the UK Gambling Commission, we take customer safety seriously. That's why we have implemented various measures to ensure a secure and enjoyable environment. To protect our customers, we have a full know your customer (KYC) process in place during registration. Additionally, we have set a mandatory annual spending limit of £1,500 on real money. If a customer wishes to increase their spending limit, we require additional information to reduce any financial harm risk and provide a comfortable customer experience.

By registering and entering our draws, you have the opportunity to win brilliant prizes every day. POTBUX launched in July 2023 with a desire to be the safest prize draw platform in the world. Our platform is easy to join, exciting to play, safe and secure, and donates to wonderful, good causes.”

Do you think that you have a problem with your financial activities on our site? Questions to ask yourself:

Have you lied, stolen or borrowed to get money for your play?
Do you ever play for a longer period than you had planned?
Do you ever play to escape worry, trouble, disappointment, or frustration?
Do you feel depressed or suicidal because of your play?
Are you in debt because of your play?
Have you ever sold your own or your family possessions to get money to play, gamble or to pay gambling debts?

We are here to help and we do not want your play to get out of control or cause you harm.