1. Data Collection Protocols
WaveWin Lotto (operated by WaveWin Lotto Operations Pty Ltd) is deeply committed to safeguarding your privacy. Our data collection protocols are designed to ensure strict compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We collect personal information only when it is reasonably necessary for one or more of our platform's functions or activities.
When you register for an account, we collect essential identity information to satisfy mandatory legal obligations, including age verification (18+) and Anti-Money Laundering (AML) checks. This includes your full name, date of birth, residential address, email address, and phone number. We also collect transactional data when you purchase entries or withdraw funds, which includes encrypted payment gateway tokens and financial settlement details. Our platform automatically logs session data—such as IP addresses, device identifiers, and geographic location—to monitor for fraudulent activity and secure your account against unauthorized access.
We do not collect sensitive information (such as political opinions, religious beliefs, or health information) unless explicitly provided by you during a customer support interaction (e.g., discussing responsible gaming vulnerabilities), in which case it is handled with the highest degree of confidentiality and used solely for providing appropriate support.
2. Third-Party Verification Sharing
To operate a secure and regulated lottery platform, WaveWin Lotto must securely share specific data points with authorized third-party entities. We do not sell your personal data to data brokers. Sharing is strictly limited to operational necessity and regulatory compliance.
- Identity Verification Providers: We transmit your registration details to authorized verification agencies (such as Equifax or illion) to electronically confirm your age and identity, ensuring compliance with Australian law.
- Financial Institutions: Encrypted payment details are securely processed by PCI-DSS compliant payment gateways. We do not store full credit card numbers on our servers.
- Regulatory Bodies: In the event of a significant payout or a formal audit, we are legally obligated to provide relevant transactional and identity data to Australian regulatory authorities and law enforcement agencies to prevent financial crime.
- Auditing Partners: Anonymized hash data of ticket purchases is shared with independent auditors (like iTech Labs) to certify the integrity of our Random Number Generation systems.
3. Marketing Communications Consent
We respect your right to control the communications you receive from WaveWin Lotto. By default, transactional emails (such as purchase receipts, draw confirmations, and payout notifications) are sent to all active account holders as these are essential to the service.
Regarding marketing and promotional communications (including weekly promo calendars, bonus line offers, and jackpot alerts), we operate on a strict opt-in basis. You will only receive these communications if you explicitly consent during registration or via your Player Dashboard preferences. You have the unconditional right to withdraw this consent at any time. Every marketing email contains a clear 'unsubscribe' mechanism, or you can adjust your preferences directly within your account settings. Revoking marketing consent will never impact your ability to participate in draws or access your account.
4. User Rights & Data Portability
You retain comprehensive rights over your personal data within the WaveWin Lotto platform. You have the right to request access to the personal information we hold about you. Upon request, we will provide an exported file of your data in a structured, commonly used, and machine-readable format within 30 days.
If you believe any information we hold is inaccurate, incomplete, or outdated, you have the right to request immediate rectification. Furthermore, you possess the 'right to be forgotten' (data erasure). If you choose to close your WaveWin Lotto account, you may request the deletion of your personal data. Please note that while we will delete your profile and marketing data, we are legally required under AML and taxation laws to retain specific transactional records and identity verification logs for a statutory period (typically up to 7 years) before secure destruction.
For any privacy inquiries or to exercise your data rights, please contact our Data Protection Officer at [email protected].