Skip to main content
0
Winners guaranteed even if draws undersold £32,000.00 Donated to charity 1,100 Live draw winners £300,000.00 Worth of prizes won Rated Excellent on Trustpilot (331 reviews)

Privacy policy

This is a plain-English draft and is being finalised with our solicitor ahead of launch. It explains how we intend to operate; the final wording will be published here before you can be charged.

Win A Bundle respects your privacy and is committed to protecting your personal data. This policy explains how we collect, process and look after your personal data when you use our website, and tells you about your privacy rights and how the law protects you.

Who we are

Win A Bundle Ltd is the controller responsible for your personal data (“we”, “us”, “our”). We are registered in England and Wales under company number 15636787, with registered office at Office 417, 37 St. Andrews Street, Norwich, England, NR2 4TP. We are registered with the Information Commissioner’s Office under registration reference ZB757549. We have appointed a data privacy manager responsible for this policy.

If you have any questions, or wish to exercise your legal rights, contact our data privacy manager by email at contact@winabundle.co.uk or by post at Win A Bundle, Office 417, 37 St. Andrews Street, Norwich, England, NR2 4TP. You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, though we would appreciate the chance to address your concerns first. This website is not intended for children and we do not knowingly collect data relating to children.

The data we collect about you

Personal data means any information from which a person can be identified. We may collect, use, store and transfer the following kinds of personal data:

  • Identity Data - first name, last name, username or similar identifier, title and date of birth.
  • Contact Data - billing address, delivery address, email address and telephone numbers.
  • Financial Data - bank account and payment card details (card details are handled by our payment provider; we do not store them).
  • Transaction Data - details about payments to and from you and other details of products and services you have purchased.
  • Technical Data - IP address, login data, browser type and version, time zone and location, operating system and platform.
  • Profile Data - your username and password, purchases or orders, interests, preferences, feedback and survey responses.
  • Usage Data - information about how you use our website, products and services.
  • Marketing and Communications Data - your marketing and communication preferences.

We also collect Aggregated Data (statistical or demographic data) which is not personal data in law. We do not collect any Special Categories of Personal Data (such as race, religion, health, sexual orientation or biometric data), nor information about criminal convictions. Where you fail to provide personal data we need by law or under a contract, we may be unable to perform that contract (for example, to enter you into a competition).

How your personal data is collected

We collect data through: direct interactions (when you create an account, request marketing, enter a competition or survey, or contact us); automated technologies (cookies, server logs and similar technologies that collect Technical Data as you interact with our site); and third parties or publicly available sources (analytics and advertising providers, payment and delivery providers, and publicly available sources such as Companies House).

How we use your personal data

We will only use your personal data when the law allows us to, most commonly: where we need to perform a contract with you (for example, when you purchase entries or enter a competition); where it is necessary for our legitimate interests (and your interests do not override those); and where we need to comply with a legal obligation. We use your data to register you as a customer, process and deliver your orders, manage our relationship with you, run our competitions and prize draws, administer and protect our business and website, deliver relevant content, and (where permitted) make suggestions and recommendations.

Generally we do not rely on consent as a legal basis, except that we will obtain your consent before sending third-party direct marketing by email or text. You can withdraw consent at any time by contacting us or from your account settings.

Marketing

You will receive marketing communications from us if you have requested information, purchased from us or entered a competition or prize draw, and you have not opted out. We will get your express opt-in consent before sharing your personal data with any third party for marketing. You can ask us, or third parties, to stop sending marketing at any time by following the opt-out links in any message or by contacting us. Opting out will not affect personal data provided as a result of a purchase or other transaction.

Cookies

You can set your browser to refuse all or some cookies, or to alert you when sites set cookies. If you disable or refuse cookies, some parts of this website may become inaccessible or not function properly. Non-essential cookies are only set with your consent. For more information, see our cookie policy.

Disclosures of your personal data

We may share your personal data with external third parties acting as processors (such as IT and system administration providers and professional advisers), with HM Revenue & Customs, regulators and other authorities (such as the Advertising Standards Authority) where required, and with third parties to whom we may sell, transfer or merge parts of our business. We require all third parties to respect the security of your personal data, to treat it in accordance with the law, and to process it only for specified purposes and on our instructions.

International transfers

Some of our external third parties are based outside the UK, so their processing may involve a transfer of your data outside the UK. Whenever we transfer your data out of the UK, we ensure a similar degree of protection by relying on an adequacy decision or appropriate safeguards such as approved contractual clauses.

Data security and retention

We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, and we limit access to those who have a business need. We have procedures to deal with any suspected breach and will notify you and any applicable regulator where legally required.

We retain your personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting or reporting requirements. Some financial and draw-integrity records are retained for as long as the law requires, stripped of personal identifiers. In some circumstances you can ask us to delete your data, and in some circumstances we will anonymise it for research or statistical purposes.

Your legal rights

Under data protection laws you have the right to: request access to your personal data; request correction of inaccurate data; request erasure; object to processing based on our legitimate interests, and to direct marketing; request restriction of processing; request transfer of your data; and withdraw consent at any time where we rely on it. You can access, export, correct or manage much of your data directly from your account settings. You will not usually have to pay a fee, and we try to respond to all legitimate requests within one month. To exercise any of these rights, please contact us at contact@winabundle.co.uk.

?