Privacy Policy

This is the privacy policy (“Privacy Policy”) that governs how we, Lotto Nation. (“The Lotto Nation”, “we”, “our” or “us”), use Personal Information (defined below) that we collect, receive and store about individuals who visit or use the website http://www.lottonation.com (together with its sub-domains, content and services, the “Site”). This Privacy Policy forms part of the Terms and Condtions  available at http://www.lottonation.com/terms/ (the “Terms”).

Privacy Policy Terms

We collect Personal Information you give us when you place an order or register to receive additional information or products from us.  You will be asked to confirm your name and postal address, and also to provide your credit card details (only if purchasing items by credit card).

You will also be asked to provide us with your birth date, telephone number, fax number and email address.  It is clearly stated on each promotion that you are requested to provide this information for major prize notification, for customer service calls or for receiving other offers.  We ask only for data that is adequate, relevant and not excessive.

We may supplement the information that you provide with some information that is received from third parties.  For instance, if inaccurate postal or zip codes are received, we will use third party software to fix them.

We purchase rented lists, but only if the data has been collected lawfully and fairly.  If a recipient’s name has been collected in this way, we only mail a promotion once to each customer.  If the recipient responds, then they are added to our in-house customer database, if they do not respond, their name is permanently deleted from our system after 45 days.

Each promotion we mail clearly states our company name and a postal address and the majority of our promotions also contain our Customer Service telephone number to ensure recipients can contact us with any questions or concerns regarding any of our products or their personal information kept on file.

Our business does not use or collect unsolicited personal information.  Customers providing their details are Direct Marketing responders and have been made aware that their details are provided to us via list rental from specifically selected companies via their Terms and Conditions.

Once we receive customers’ details we collect and process Personal Information for specific use and limited purposes.  Customers are made aware of this by way of an initial offer.  They will only receive further correspondence from us should they respond to this offer.

We process your Personal Information only for specific and limited purposes.  When we ask you for Personal information, we tell you the purposes for which we will process that data.  Some of these purposes include the following:

  • We may contact you occasionally to inform you of new services we will be providing, or special offers, events or articles we think will be of interest to you
  • We may send you product information and promotional material
  • We may use your Personal Information for marketing purposes and market research.We may use your Personal Information internally to help us improve our products and services and to help resolve any problems.

We only share, sell or distribute your Personal Information with unrelated third parties, under these limited circumstances:

  • Personal information may occasionally be transferred to third parties who act for or on behalf of our group of companies, or in connection with our business for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented. For example, sometimes a third party may have access to your Personal Information in order to handle our mailings on your behalf.
  • We may disclose your Personal Information to carefully screened local or International companies whose products and services may be of interest to you as part of our list rental program.
  • Where appropriate, before disclosing Personal Information to a third party, we contractually require the third party to make adequate precautions to protect that data.
  • We may share or transfer the information in our databases to comply with a legal requirement, for the administration of justice, to protect your interests, to protect the security or integrity of our databases to take precautions against legal liability, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event.

Direct Marketing is our core business and as such we have strict guidelines and systems in place to select only appropriate customers for our mailings.  Guidelines include the exclusion of customers under the age of 18 from all promotional mailings and careful monitoring for customers over the age of 85.  Customers with a high order frequency are followed up with a Customer service call.

Customers may request the source of the information we have about them including where the source is another organisation simply by providing a written request to any of the address marked on any of our promotions or by writing to The Privacy Officer – The Privacy Officer, PO Box 5649, GCMC  QLD  9726 AUSTRALIA.

You may “opt out” of any Direct Marketing promotion simply by providing a written request to any of the address marked on any of our promotions or by writing to The Privacy Officer – The Privacy Officer, PO Box 5649, GCMC  QLD  9726 AUSTRALIA.

Our businesses are part of a global enterprise that has facilities and databases in different countries.  We may, transfer your Personal Information to one of our databases in another country presently including but not limited to Canada, Belgium, UK, Philippines, Hong Kong and Singapore.  If the level of privacy protection in a country does not comply with recognised international standards, we will take all reasonable measures to ensure that data transferred to our databases in that country are adequately protected and that the transfer of data to third parties in such countries is made pursuant to a contract or other measures providing adequate protection.

Our business does not use any Government related identifiers.

All customers are recognised by a personalised account/customer number.

Acquisition recipients are assigned a temporary number when a promotion is first sent to them, if they respond; this number will then convert into a customer number.

New customers are sourced through list rental.  All of our list rental data is merge purged and checked for invalid addresses, matches with our customer database and duplicates within the files being processed.  We use a variety of in-house custom built routines that are maintained and enhanced by our active in-house IT development team.

The customer details are pulled from the acquisition list at the time of data entry by a setr (customer unique number). Every selection that we run regardless of the source has the setr so that we can find the source of the name. If by some chance there is a problem and no setr is on the package there are search functions to be able to find this number.

On a majority of our pieces, contained in the order section is a reminder for customers to ensure their address is correct before replying.  If a customer returns a change of address notification only, a CSO (Customer Service Officer) or a Data Entry staff member amends the customer’s file within a 30 day time period. If a customer includes change of address details with a paid order, the address update is completed at the same time the order is entered.

All returns are flagged in the database.  Any customer issues are handled by our CSO’s who have the opportunity to close and refund accounts, flag customers, contact and correspond with customers for further details.  Any resultant changes to customer or order attributes are captured and actioned accordingly.

The system also looks for any inconsistencies and suspends the orders until a CSO addresses the issue.  In addition, we have routines that look for possible duplicate customers either automatically merges the customers or presents this candidate duplicate names to data entry staff member for their decision

Personal Information is stored in secure premises where unauthorised access is prevented through, automatic locking doors during business hours and electronic and private surveillance outside business hours.

We strive to maintain the reliability, accuracy, completeness and currency of customer information in our databases and to protect the privacy and security of our databases.

Our servers and our databases are protected by industry standard security technology, such as industry standard firewalls and password protection.  We are currently in the process of building a hardened set of web servers.

Sometimes we process sensitive data that requires industry standard Secure Socket Layer (SSL) encrypted browsers.  We use 128-bit encryption or better to protect transmissions over the Internet.

We are compliant with the Payment Card Industry (PCI) for all credit card handling.  In addition the storage of the columns that store credit card numbers in ADMS are encrypted using ORACLE TDE technology.

The employees who have access to Personal Information have been trained to handle such data properly and in accordance with our security protocols (including privacy breaches), and strict standards of confidentiality.  Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we take reasonable precautions to prevent such unfortunate occurrences.

Upon receipt of your written request and enough information to permit us to verify your identity and identify your Personal Information, we will disclose to you the Personal Information we hold about you.

This Privacy Policy has been distributed amongst all Marketing and Customer Service staff and is readily available to any other staff member.  A customer may request to view a copy of this document either electronically or hard copy.

Our promotions include a Privacy Statement, to principally inform customers that we may rent their name to other companies and how to access their Personal Information, which reads as follows:

We pride ourselves on our customer service and trust that you are happy to receive information about our products and services.  We advise that customer information provided to us is used for purposes of selecting and making appropriate offers to you.  From time to time we also make our mailing lists available to carefully screened local and international companies whose products or services may be of interest to you.  Such information was made available to us to enable us to make you this offer.

If you wish to access or update your personal information, have your name removed from our mailing lists, suspect a privacy breech, or if you do not want us to disclose your name, please write to:  The Privacy Officer, PO Box 5649, Gold Coast MC, QLD 9726 AUSTRALIA, and indicate your choice.

Upon receipt of your written request and enough information to permit us to verify your identity and identify your Personal Information, we will correct, amend or delete any Personal Information that is inaccurate or out of date. Incomplete details will be amended per your request.  We do not collect or hold information about you that may be potentially misleading or irrelevant to our dealings with you.

Information integrity is maintained through various internal processes.  Our Marketing department uses a merging program that automatically outputs customers who might be in the system twice or more so that we can correctly choose the right address and merge the duplicates together.  CSO’s also look for duplicate customers when processing queries as part of general housekeeping.  Personal information is also verified with customers in routine correspondence.

If you wish to access or correct your Personal Information, or you suspect a privacy breach, please write to our Privacy Officer at PO Box 5649, GCMC QLD 9726 AUSTRALIA.  We do not charge for complying with a correction request, however, for all other requests, we may charge a small fee to cover our costs.  Requests to delete Personal Information or investigate a potential breach are subject to any applicable legal and ethical reporting or document retention obligations imposed on us.

Consistent with our Complaints Management Program, we constantly set high standards of customer service and will respond to requests for correction of personal details or privacy breach concerns within 30 days in writing.  Should your request to change your personal information be denied, you will be notified of the grounds for the refusal and be given the opportunity to respond.  Any privacy breach concerns will be investigated and responded to in writing.

We will also make provision to update other relevant parties of your corrected Personal Information where applicable.

If you have any questions about this Privacy Policy or concerns about the way we process your Personal Information, please contact us by e-mailing us at customerinfo@ozemail.com.au or write to the Privacy Officer at PO Box 5649, GCMC  QLD  9726.