Logo

Privacy Policy

Last Updated: January 12, 2025

Your privacy is fundamental to our service. This policy explains how we collect, use, protect, and manage your personal information with complete transparency and respect for your rights.

Privacy Inquiries Table of Contents

Table of Contents

1. Introduction 2. Information We Collect 3. How We Use Your Information 4. Age Verification (18+) 5. Payment Information 6. Winner Information 7. Regulatory Compliance 8. Third-Party Sharing 9. Data Retention 10. Security Measures 11. Your Privacy Rights 12. Cookies & Tracking 13. Marketing Communications 14. Location Data 15. Analytics & Improvement 16. Policy Changes

1. Introduction

Welcome to KoalaPrizeVault.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our Australian Lottery services. We are committed to maintaining the highest standards of privacy protection and data security.

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any aspect of this policy, please do not use our services.

This policy applies to all information collected through our website, mobile applications, retail locations, and any related services, sales, marketing, or events. We operate under Australian privacy laws, including the Privacy Act 1988 and applicable state gambling regulations.

2. Information We Collect

Personal Identification Information

  • Full legal name and date of birth (required for age verification)
  • Government-issued identification documents (driver's license, passport, or national ID)
  • Residential address and contact details (email address, phone number)
  • Account credentials (username, password, security questions)
  • Profile photograph (optional for account personalization)

Financial and Payment Information

  • Payment card details (card number, expiry date, CVV - processed securely by payment providers)
  • Bank account information for direct deposits and withdrawals
  • Digital wallet account details (PayPal, Apple Pay, Google Pay)
  • Transaction history and lottery purchase records
  • Billing address and payment preferences

Lottery Participation Data

  • Lottery game selections and number choices
  • Purchase dates, times, and amounts spent
  • Ticket serial numbers and validation codes
  • Draw results and winning notifications
  • Prize claims and payout history

Technical and Usage Information

  • IP address, browser type, and operating system
  • Device identifiers and mobile device information
  • Pages visited, time spent on site, and navigation patterns
  • Referral sources and search terms used to find our site
  • Cookies and similar tracking technologies (see Section 12)

3. How We Use Your Information

We use the personal information we collect for the following purposes, ensuring that all processing is lawful, fair, and transparent:

Service Provision

Process lottery ticket purchases, manage your account, facilitate draws, validate tickets, and distribute prizes to winners.

Age Verification

Verify that all participants are 18 years or older as required by Australian gambling laws and prevent underage access.

Legal Compliance

Meet regulatory requirements, report to gambling authorities, prevent fraud, and maintain audit trails for compliance purposes.

Security & Fraud Prevention

Protect against unauthorized access, detect suspicious activity, prevent money laundering, and ensure platform security.

Customer Support

Respond to inquiries, resolve technical issues, provide account assistance, and deliver personalized customer service.

Service Improvement

Analyze usage patterns, enhance user experience, develop new features, and optimize platform performance.

Marketing Communications

Send lottery updates, promotional offers, and relevant news (with your consent, which you can withdraw anytime).

Responsible Gaming

Monitor play patterns, enforce spending limits, identify problem gambling indicators, and provide welfare support.

4. Age Verification Data (18+)

Australian law strictly prohibits lottery participation by anyone under 18 years of age. We take age verification extremely seriously and collect specific information to ensure compliance:

What We Collect for Age Verification

  • Date of Birth: Full date of birth to calculate your age and confirm you meet the 18+ requirement
  • Government ID Documents: Driver's license, passport, or national ID card scans for identity verification
  • Address Verification: Utility bills or bank statements to confirm your residential address matches ID documents
  • Third-Party Verification: We may use licensed verification services to cross-check your identity against government databases

How We Use Age Verification Data

Age verification data is used exclusively to confirm eligibility and prevent underage access. This information is:

  • Processed at account creation and before first lottery purchase
  • Stored securely with encryption and access controls
  • Shared with regulatory authorities when required by law
  • Retained for regulatory compliance periods (typically 7 years)
  • Never used for marketing or non-compliance purposes

5. Payment Information Security

We handle payment information with the highest security standards to protect your financial data during lottery transactions:

Card Payment Processing

We use PCI DSS Level 1 compliant payment processors. Card details are tokenized and never stored on our servers. We see only the last 4 digits for your reference.

Bank Account Details

Bank account numbers for prize payouts are encrypted and stored in secure, isolated databases with multi-factor authentication access controls.

Digital Wallets

PayPal, Apple Pay, and Google Pay transactions are processed through their secure platforms. We receive confirmation tokens, not your wallet credentials.

Transaction Records

We maintain detailed transaction logs for auditing and dispute resolution. Records include amounts, dates, and payment methods but exclude sensitive card details.

Third-Party Payment Processors

We partner with trusted payment processors who maintain their own strict security and privacy policies:

  • All processors are PCI DSS Level 1 certified
  • Payments are processed over encrypted SSL/TLS connections
  • Processors have independent privacy policies you should review
  • We only receive transaction confirmations, not raw card data

6. Winner Information & Prize Claims

When you win a lottery prize, additional information collection and disclosure requirements apply under Australian law:

Winner Data Collection

For prize claims, we collect and verify:

  • Full Identity Verification: Enhanced identity checks including photo ID and proof of address
  • Tax Information: Tax File Number (TFN) for prizes above statutory thresholds as required by ATO
  • Publicity Materials: Photographs and statements if you consent to promotional use (always optional)
  • Prize Acceptance: Signed claim forms and acceptance documentation
  • Legal Declarations: Anti-money laundering declarations and source of funds verification for major prizes

Mandatory Disclosures

Australian gambling regulations require us to disclose certain winner information:

  • • Regulatory authorities (VIC Gambling Commission)
  • • Australian Transaction Reports and Analysis Centre (AUSTRAC) for prizes over AU$10,000
  • • Australian Taxation Office (ATO) for tax compliance
  • • Law enforcement if required by court order

Your Privacy Choices

You control how your win is publicized:

  • Opt out of public winner announcements
  • Decline media interviews and photography
  • Use initials or partial name in public lists
  • Request confidential prize payment

7. Regulatory Compliance & Data Sharing

As a licensed lottery operator in Victoria, Australia, we are legally obligated to share certain data with regulatory authorities to ensure compliance with gambling laws:

Mandatory Regulatory Reporting

Victorian Gambling and Casino Control Commission (VGCCC)

We report regularly to VGCCC including:

  • • Player account registrations and age verification records
  • • Transaction volumes and prize payouts
  • • Self-exclusion and responsible gaming measures
  • • Suspicious activity and fraud prevention data
  • • Compliance audit trails and system logs

AUSTRAC (Anti-Money Laundering)

For transactions exceeding AU$10,000, we report to AUSTRAC:

  • • Large cash transactions and suspicious matter reports
  • • Customer identification and verification records
  • • Source of funds documentation
  • • International funds transfer instructions

Australian Taxation Office (ATO)

Tax reporting for significant prizes includes:

  • • Winner identity and Tax File Numbers
  • • Prize amounts and payout dates
  • • Withholding tax calculations where applicable
  • • Annual prize distribution summaries

Data Protection in Regulatory Sharing

When sharing data with regulators, we ensure:

Encrypted transmission channels
Minimum necessary disclosure
Audit trails of all data access
Regular compliance reviews

8. Third-Party Data Sharing

We share personal information with trusted third-party service providers who help us operate our lottery services. All third parties are contractually bound to protect your data and use it only for specified purposes:

Payment Processors

Visa, Mastercard, PayPal, Apple Pay, and other payment partners process transactions securely on our behalf.

Technology Providers

Cloud hosting, database management, and IT infrastructure providers who maintain our systems and data.

Verification Services

Third-party identity and age verification services that confirm your eligibility to participate.

Customer Support

Support ticketing systems and communication platforms that help us respond to your inquiries efficiently.

Analytics Providers

Web analytics services that help us understand site usage and improve user experience (see Section 15).

Email Services

Email delivery platforms for transactional notifications, account updates, and marketing communications.

Third-Party Safeguards

We require all third parties to:

  • Sign comprehensive data processing agreements
  • Implement appropriate security measures equivalent to ours
  • Process data only for specified, lawful purposes
  • Delete or return data when services end
  • Submit to regular security audits and compliance reviews
  • Notify us immediately of any data breaches

9. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and regulatory requirements:

Active Account Data

Retained for the duration of your account's active status plus 7 years after account closure as required by gambling regulations.

Transaction Records

Lottery purchases, deposits, withdrawals, and prize claims are retained for 7 years for audit and tax compliance purposes.

Identity Verification Documents

Age verification and ID documents are securely stored for 7 years after last account activity or as required by AML/CTF laws.

Winner Information

Prize claim records, including tax documentation, are retained for 7 years for regulatory compliance and tax audit purposes.

Communications & Support

Customer service records, emails, and chat transcripts are retained for 3 years for quality assurance and dispute resolution.

Analytics & Usage Data

Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes and service improvement.

Marketing Data

Marketing consent and communication preferences are retained until you withdraw consent or for 2 years after last engagement.

Secure Data Deletion

When retention periods expire, we securely delete or anonymize your personal information:

Permanent deletion from active systems
Removal from backup archives
De-identification of analytics records
Documented destruction processes

10. Security Measures & Data Protection

We implement comprehensive technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

Encryption

  • • 256-bit SSL/TLS for data transmission
  • • AES-256 encryption for stored data
  • • End-to-end encryption for sensitive communications
  • • Encrypted database fields for PII

Access Controls

  • • Multi-factor authentication for staff access
  • • Role-based access permissions
  • • Least-privilege principle enforcement
  • • Regular access audits and reviews

Infrastructure Security

  • • Firewall protection and intrusion detection
  • • 24/7 security monitoring
  • • DDoS mitigation systems
  • • Regular penetration testing

Data Backup & Recovery

  • • Automated daily backups
  • • Geographically distributed backup storage
  • • Encrypted backup archives
  • • Tested disaster recovery procedures

Staff Training

  • • Mandatory security awareness training
  • • Privacy policy education
  • • Incident response protocols
  • • Confidentiality agreements

Monitoring & Auditing

  • • Real-time security event logging
  • • Automated anomaly detection
  • • Regular security audits
  • • Compliance assessments

Data Breach Response

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours as required by law
  • Provide details of what information was affected
  • Offer guidance on protective measures you can take
  • Implement immediate remediation actions
  • Report to relevant authorities (OAIC, VGCCC)

11. Your Privacy Rights

Under Australian privacy law, you have significant rights regarding your personal information. We respect and facilitate the exercise of these rights:

Right to Access

Request a copy of all personal information we hold about you, including transaction history and account details.

Right to Correction

Request correction of inaccurate or incomplete personal information in our records at any time.

Right to Deletion

Request deletion of your personal information, subject to legal retention requirements and regulatory obligations.

Right to Restrict Processing

Request that we limit how we use your data while disputes about accuracy or processing are resolved.

Right to Data Portability

Receive your personal information in a structured, commonly used format for transfer to another service.

Right to Object

Object to processing of your data for direct marketing or other purposes based on legitimate interests.

Right to Withdraw Consent

Withdraw consent for marketing communications or optional data processing at any time without affecting other services.

Right to Complain

Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been violated.

How to Exercise Your Rights

To exercise any of your privacy rights, contact us using the methods in Section 17. We will:

  • Respond to your request within 30 days
  • Verify your identity before processing requests
  • Provide requested information free of charge (unless excessive)
  • Explain any limitations due to legal requirements
  • Keep you informed of progress throughout the process

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze site usage, and deliver personalized content. You have control over how cookies are used.

Types of Cookies We Use

Essential Cookies (Always Active)

Required for core site functionality including login sessions, security features, and transaction processing. Cannot be disabled without affecting site operation.

Performance Cookies

Collect anonymous data about site usage, page load times, and error reports to help us improve performance and user experience.

Analytics Cookies

Track visitor behavior, page views, and navigation patterns to understand how users interact with our site and identify areas for improvement.

Marketing Cookies

Remember your preferences and deliver relevant content based on your interests. Used for personalized promotions and lottery recommendations.

Managing Cookie Preferences

You can control cookies through:

  • Our cookie consent banner on first visit
  • Your browser's privacy settings
  • Account preferences in your profile
  • Third-party opt-out tools

Learn More About Cookies

For detailed information about all cookies we use, their purposes, and retention periods, please visit our dedicated Cookie Policy page.

View Full Cookie Policy

13. Marketing Communications

With your consent, we may use your contact information to send you marketing communications about lottery draws, special offers, and relevant updates:

What We Send

  • Draw result notifications
  • New lottery game announcements
  • Progressive jackpot updates
  • Special promotional offers
  • Responsible gaming reminders
  • Company news and updates

Your Control

  • Opt in or out anytime
  • Choose email, SMS, or both
  • Select specific topics of interest
  • Set frequency preferences
  • Unsubscribe with one click
  • No penalty for opting out

Important Notes on Marketing

Transactional Emails: Even if you opt out of marketing, you'll still receive essential transactional emails about your account, purchases, and regulatory notices.

Responsible Gaming: We will never send marketing communications that encourage excessive play or target vulnerable individuals.

Third-Party Marketing: We do not sell your contact information to third parties for their marketing purposes.

Update Preferences: Manage your marketing preferences in your account settings or use the unsubscribe link in any marketing email.

14. Location Data for Retailer Finding

We may collect location data when you use our retailer locator feature to help you find nearby physical lottery outlets:

What Location Data We Collect

  • GPS coordinates from your device (with permission)
  • IP address-based approximate location
  • Manually entered postal codes or suburbs
  • Wi-Fi and cellular network data for positioning

How We Use Location Data

  • Display nearest lottery retail locations
  • Calculate distances and provide directions
  • Show location-specific lottery availability
  • Improve service coverage planning

Location Privacy Controls

You're In Control: Location services are entirely optional. You can:

  • Deny location permission when prompted
  • Revoke location access in device settings
  • Use manual postal code search instead
  • Browse all locations without filtering by distance

Data Retention: Location data used for retailer finding is not stored permanently. We may retain anonymized, aggregated location statistics for service improvement.

15. Analytics & Website Improvement

We use analytics tools to understand how visitors use our website, identify technical issues, and continuously improve the user experience:

Analytics Data We Collect

User Behavior

  • • Pages visited and time spent
  • • Click patterns and navigation flows
  • • Search queries and results
  • • Form completion rates

Technical Metrics

  • • Page load times and performance
  • • Error messages and crashes
  • • Browser and device types
  • • Screen resolutions and orientations

Traffic Sources

  • • Referral websites and links
  • • Search engine keywords
  • • Campaign tracking codes
  • • Geographic regions

User Engagement

  • • Scroll depth and content visibility
  • • Video and media interactions
  • • Download and external link clicks
  • • Feature usage patterns

How We Use Analytics

  • Identify popular features and content
  • Detect and fix technical problems
  • Optimize page layouts and navigation
  • Improve mobile responsiveness
  • Enhance search and filtering functionality
  • Plan new features based on user needs

Analytics Privacy Protection

  • IP addresses are anonymized before storage
  • Data is aggregated and de-identified
  • No personally identifiable tracking
  • Respect "Do Not Track" browser settings
  • Analytics data never sold to third parties
  • Cookie consent respected for analytics

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

How We Notify You

  • Update the "Last Updated" date at the top
  • Display a prominent notice on our website
  • Send email notification for material changes
  • Request re-acceptance for significant updates

Your Responsibility

  • Review this policy periodically
  • Check the "Last Updated" date regularly
  • Contact us with questions about changes
  • Discontinue use if you disagree with updates

Material Changes

If we make material changes that significantly affect how we collect, use, or share your personal information, we will:

  • Provide at least 30 days advance notice
  • Clearly highlight the changes in the policy
  • Seek your explicit consent where required by law
  • Allow you to opt out of new practices if applicable

Privacy Inquiries & Contact

If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to report a privacy concern, please contact us:

Email

privacy@KoalaPrizeVault.com

Phone

1800 123 456

Mon-Fri 9AM-5PM AEST

Mail

Privacy Officer
KoalaPrizeVault.com
Victoria, Australia

Additional Resources

Terms of Service Cookie Policy Responsible Play General Contact