Privacy Policy - Data Processor

WINR Data respects your privacy. As a data processor we work directly with online Publishers (data controllers) to provide consumer data management. We also work with global brands (Clients) to provide targeted third-party data licensing services. Our key focus is compliance, transparency, and consent-driven data management.

Contact Us

We are WINR Data Pty Ltd, 100 Walker Street, North Sydney, NSW 2060 Australia. Registration Number: ABN 73 653 357 450.

Contact us at info@winrdata.com. This Policy was last reviewed and updated July 2022.

Compliance

For any privacy or compliance questions or requests contact our Global Privacy Officer maeve@winrdata.com.

We are registered with the UK Supervisory Authority, Information Commissioners Office (ICO). Our registration number is: ZA600332. If you believe we are not processing your personal data in accordance with the law, you have the right to contact your country's Supervisory Authority and in the instance of the UK - https://ico.org.uk. Our EU Representative is VeraSafe UK and they can be contacted https://verasafe.com/public-resources/contact-data-protection-representative.

Transparency

As a Processor, we provide all our Publishers with best-practice guidance and put them through a detailed data protection compliance process before engagement. Then ultimately, we act upon their instruction, under a Data Processing Agreement. We request that all our Publishers have a transparency statement around the use of data which states;

"We may share your contact information with our partner WINR Data Pty Ltd. (WINR) and their global partners for the purpose of:

ID Protection - preventing others from misusing your details. This may include ID validation for anti-money laundering, anti-fraud, preventing crime, asset recovery, debt collection and reuniting people with unclaimed assets.

Advertising - providing offers that are relevant to you. This may involve data analysis, matching, profiling and predicting behaviours so you may receive advertising that is more relevant to you."

Concurrently, as a Processor we work with Clients and may with your consent share your personal data with them to support their work in the areas of online targeting, fraud prevention, identification verification and other areas of financial services.

Our Clients and their market sectors include: view our client list.

Consent-Driven Data

We only work with Publishers and their data, where the consumer has given clear consent to the Marketing and third-party use of their data. The data variables we process include, where available:

  • Name
  • Address
  • Mobile No.
  • Email Address
  • Date of Birth
  • Data Source and
  • IP Address

Consumer Privacy

As a Data Processor we will never contact a consumer directly. We will only act upon a Publisher's instruction and support them to meet their regulatory requirements:

  • We store data for the retention period stated by the Publisher
  • We encourage our Publishers & Clients to help us keep the data clean and up to date
  • We provide the contact details of our Privacy Officer to all Publishers to ensure the consumer can action any privacy requests
  • We carry out monthly file updates, removing, cleaning and updating records, as instructed by the Publisher and ultimately the consumer. This process ensures the consumer has the right to:
    1. Ask the Publisher what information is held, who it is shared with and receive a copy of their data
    2. Ask the Publisher to delete or stop communication
    3. Ask the Publisher to transfer a copy of their details to another organisation, where appropriate

Third-Party Access

To ensure we provide an efficient and secure service for both our Publishers, their data and our Clients, we engage, under a Data Processing Agreement, with Amazon Web Services (AWS), processing within country of origin where possible.

Data Privacy & Security

We have a secure infrastructure in place, hosted by Amazon Web Services, designed to minimise risk and protect consumer data entrusted to us. Our security framework includes:

  • The implementation of Data Protection & Security Policies & Procedures
  • Limited access to personal data by trained team members only
  • All employees have received data protection training and understand their responsibilities under GDPR, CCPA and other equivalent global regulations.
  • Security certifications and accreditations such as ISO 27017 for cloud security and ISO 27018 for cloud privacy.