Smart Lotto ensures its employees receive training in the proper handling of personal information. Access to information held by us is limited to authorised people on a strict need-to-know basis relevant to their roles and responsibilities.
smartlotto.ie and game.smartlotto.ie (“We”) are committed to protecting and respecting your privacy.
This policy together with any other documents referred to in it and any other terms and conditions of use sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), the data controllers are smartlotto.ie and game.smartlotto.ie
What Personal Information do we collect
The personal information that SmartLotto collects about you may include your:
We may collect and process the following data about you:
Information that you provide by filling in forms on our site smartlotto.ie and game.smartlotto.ie. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Personal information (such as name, address, telephone number, email address) is protected on a computerised system to ensure that loss, misuse, unauthorised access or disclosure, alteration or destruction of this information is not probable. Sensitive information (such as credit card number, account number) is protected by secure server software. This secure software encrypts financial information provided online through the use the Secure Sockets Layer (SSL) protocol. We use the Authipay system to process our payments. It prevents anyone else reading your personal and sensitive information while your fee is being processed online. It is your responsibility to keep your password secure at all times to avoid unauthorised use of your smartlotto.ie and game.smartlotto.ie accounts.
Cookies are small text files that are placed on to your computer’s hard drive by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in anonymous form, including the number of visitors to the site, where visitors have come to the site from pages they visited.
These are temporary cookies that remain in the cookie folder of your browser until you leave the site. We use Session Cookies to facilitate smooth navigation and consistency throughout the website. These are defined as essential to the operation of the site and do not contain any personal data.
Most web browsers allow some user control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
There are a number of ways to manage cookies. If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences.
You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Internet Explorer 8:
Open ‘Internet Explorer’
Click on ‘Tools’ menu
Click ‘Delete Browsing History’
Tick ‘Cookies’ and click ‘Delete’
If you are not using Microsoft Internet Explorer, then you should search for “cookies” in the “Help” function for information on where to find your cookie folder and the controls to manage them.
Where we store your personal data
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We use information held about you in the following ways:
To ensure that content from our site is presented in the most effective manner for you and for your computer.
To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.
Where you agree, we may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
Use of Personal Information
Your personal information may be used to:
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
If information is requested by the data commissioner or by court order.
The Data Protection Commissioner is responsible for ensuring that people's rights are respected, and that the persons who keep personal information meet their responsibilities. The Commissioner's approach to complaints, as provided under the Acts, is to try to reach an amicable resolution to the matter which is the subject of the complaint. In cases where it is not possible to reach an amicable resolution, a complainant may ask the Commissioner to make a formal decision as to whether a contravention has occurred. However, the Commissioner does not have the power to award compensation. The Commissioner's main priority, if he upholds your complaint, is that the data controller complies with the law and puts matters right. If the Commissioner rejects your complaint, he will inform you of this in writing. If you disagree with the Commissioner's finding, you have the right to appeal the decision to the Circuit Court.
The Data Protection Acts makes it clear that organisations or individuals who hold your personal data owe you a duty of care. If you suffer damage through the mishandling of your personal information, then you may be entitled to claim compensation through the Courts and this is a matter for you and your legal advisers. The Commissioner has no function in relation to the taking of such proceedings or in the giving of legal advice.
To assist the Commissioner in exercising his / her functions, he or she is assigned certain important powers under the Data Protection Acts, 1988 and 2003, and under the Electronic Communications Regulations, S.I. 535 of 2003 (as amended by SI 526 of 2008).
a) Investigations by the Data Protection Commissioner
Under section 10 of the Data Protection Acts, 1988 and 2003, the Commissioner will investigate any complaints which he receives from individuals who feel that personal information about them is not being treated in accordance with the Act, unless he is of the opinion that such complaints are "frivolous or vexatious". The Commissioner notifies the complainant in writing of his decision regarding the complaint. The Commissioner's decision can be appealed to the Circuit Court.
The Commissioner may also launch investigations on his own initiative, where he is of the opinion that there might be a breach of the Act, or he considers it appropriate in order to ensure compliance with the Acts.
b) The Commissioner's Power to Obtain Information
Under section 12 of the Data Protection Acts, 1988 and 2003, the Data Protection Commissioner may require any person to provide him with whatever information the Commissioner needs to carry out his functions, such as to pursue an investigation. The Commissioner exercises this power by providing a written notice, called an "information notice", to the person.
A person who receives an information notice has the right to appeal it to the Circuit Court.
Failure to comply with an information notice without reasonable excuse is an offence. Knowingly to provide false information, or information that is misleading in a material respect, in response to an information notice is an offence. No legal prohibition may stand in the way of compliance with an information notice. The only exceptions to compliance with an information notice are (i) where the information in question is or was, in the opinion of the Minister for Justice, Equality and Law Reform, or in the opinion of the Minister for Defence, kept for the purpose of safeguarding the security of the State, and (ii) where the information is privileged from disclosure in proceedings in any court.
c) The Commissioner's Power to Enforce Compliance with the Act
Under section 10 of the Data Protection Act, 1988, the Data Protection Commissioner may require a data controller or data processor to take whatever steps the Commissioner considers appropriate to comply with the terms of the Data Protection Act, 1988. Such steps could include correcting the data, blocking the data from use for certain purposes, supplementing the data with a statement which the Commissioner approves, or erasing the data altogether. The Commissioner exercises this power by providing a written notice, called an "enforcement notice", to the data controller or data processor. A person who receives an enforcement notice has the right to appeal it to the Circuit Court.
It is an offence to fail or refuse to comply with an enforcement notice without reasonable excuse.
d) The Commissioner's Power to Prohibit Overseas Transfer of Personal Data
Under section 11 of the Data Protection Acts, 1988 and 2003, the Data Protection Commissioner may prohibit the transfer of personal data from the State to a place outside the State. The Commissioner exercises this power by providing a written notice, called a "prohibition notice", to the data controller or data processor.
In considering whether to exercise this power, the Commissioner must have regard to the need to facilitate international transfers of information.
A prohibition notice may be absolute, or may prohibit the transfer of personal data until the person concerned takes certain steps to protect the interests of the individuals affected. A person who receives an prohibition notice has the right to appeal it to the Circuit Court.
It is an offence to fail or refuse to comply with a prohibition specified in a prohibition notice without reasonable excuse.
e) The Powers of "Authorised Officers" to Enter and Examine Premises
Under section 24 of the Data Protection Acts, 1988 and 2003, the Data Protection Commissioner may appoint an "authorised officer" to enter and examine the premises of a data controller or data processor, to enable the Commissioner to carry out his functions, such as to pursue an investigation. The authorised officer, upon production of his or her written authorisation from the Commissioner, has the power to:
· enter the premises and inspect any data equipment there
· require the data controller, data processor or staff to assist in obtaining access to data, and to provide any related information
· inspect and copy any information
· require the data controller, data processor or staff to provide information about procedures on complying with the Act, sources of data, purposes for which personal data are kept, persons to whom data are disclosed, and data equipment on the premises.
It is an offence to obstruct or impede an authorised officer; to fail to comply with any of the requirements set out above; or knowingly to give false or misleading information to an authorised officer.
f) Appeals to the Court
Disclaimer: If you are contemplating taking an appeal against a decision of the Commissioner, or against the exercise of the Commissioner's powers, it is recommended that you seek independent legal advice. Note that the material contained in this section is provided for general information purposes only, and does not purport to be legal advice or a definitive interpretation of the law.
Under section 26 of the Data Protection Acts, appeals can be made to the Circuit Court against:-
· a requirement specified in an information notice
· a requirement specified in an enforcement notice
· a prohibition specified in a prohibition notice
· a refusal by the Data Protection Commissioner to accept an application for registration, or for renewal of registration, or for an amendment of registration details
· a decision of the Data Protection Commissioner in relation to a complaint by an individual.
Appeals to the court must normally be made within 21 days from the service of the notice, or from the date of receipt of the refusal or decision. The decision of the court is final, although an appeal against the court's decision may be brought to the High Court on a point of law.
g) Prosecution of offences under Data Protection Acts and under S.I. 336 of 2011 (Electronic Privacy Regulations).
Section 30 of the Data Protection Acts provides that the Commissioner may bring summary proceedings for an offence under the Acts. The Commissioner also has the power to prosecute offences in relation to unsolicited marketing under S.I. 535 of 2003 (Electronic Communications Regulations) (as amended by SI 526 of 2008).
We may disclose your personal information to third parties:
At smartlotto.ie and game.smartlotto.ie we take your privacy and your information security very seriously. smartlotto.ie and game.smartlotto.ie will not sell or rent your personally identifiable information to anyone. As a member of an organisation your personal details will be made available to the organization (This excludes bank account/credit card information). smartlotto.ie and game.smartlotto.ie declines all responsibility for the subsequent use of your personal information by the organisation.This organisation may contact you from time to time via email. The personal data provided is stored on our secure computerised database to enable us to respond to your requests. We may communicate with you in the future by mail, email and telephone.
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If smartlotto.ie and game.smartlotto.ie or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
These third parties include:
Sendmode - Sendmode severs both Production and Disaster Recovery are located within the EU.
Pipedrive - Pipedrive datacenter is in the EU.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to Personal Information
You have the right under ePrivacy Regulations 2011 (S.I. 336 of 2011) and the EU e Privacy Directive 2002/58/EC legislation & General Data Protection Regulations is available from the Office of the Irish Data Protection Commissioner to seek access to the personal information held by SmartLotto about you. If you wish to exercise this right, or if you believe that the information is incorrect, incomplete or out-of-date, you should either correct/update the information through the smartlotto.ie website by logging into My Account using your username and password, or contact us. All requests to access personal information must be made in writing or by email and addressed to the Privacy Officer at the addresses listed at the end of this document. It is SmartLotto policy to respond to any such request within a reasonable period of time after the request is received. SmartLotto Ltd. will not charge you for making requests to access any information held about you, however, we reserve the right to undertake cost recovery for the provision of such information where it is justified. If there is a reason for not granting you access to your information, we will provide you with a written explanation of the reasons for the refusal (unless unreasonable to do so) and inform you of the mechanisms to complain about the refusal.
Enquiries and Complaints
Information about the ePrivacy Regulations 2011 (S.I. 336 of 2011) and the EU e Privacy Directive 2002/58/EC legislation & General Data Protection Regulations is available from the Office of the Irish Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland. If you have a complaint regarding Smart Lotto's management of your personal information or wish to correct information held by us or require further information, please contact us.
Our policy is to respond to your complaint, correction request or query within a reasonable period of time after the complaint is received. If you are not satisfied with the outcome of your complaint, you may refer your complaint to the Office of Data Protection Comissioner by LoCall 1890 25 22 31 , Phone 00353 57 868 4800 , Fax 00353 57 868 4757 , email email@example.com or by visiting the website www.dataprotection.ie
Smart Lotto reserves the right to make changes to this Privacy Statement. Any changes made to the Privacy Statement in the future will be posted on this page and such changes will become effective upon posting of the revised Privacy Statement. If we make any material or substantial changes to this Privacy Statement we will use reasonable endeavours to inform you by email, notice on our Smart Lotto.ie website or other agreed communications channels.
Smart Lotto Ltd
Belmullet Industrial Estate,
Call 097 82788 for any queries or enquiries
dated: 23rd May 2018