Classic Lotto

Privacy Policy Statement

Effective Date: January 1, 2026. This document details our stringent data protection frameworks aligning with the Australian Privacy Principles (APPs).

1. Information Collection: Scope and Necessity

At Classic Lotto, we operate on a principle of data minimization; we collect only what is strictly necessary to facilitate secure syndicate participation, process financial transactions, and maintain rigorous compliance with Australian law. This section details the explicit categories of data we gather.

1.1 User-Provided Data

During account registration and the mandatory Know Your Customer (KYC) verification process, we require specific, verifiable personal details. This includes your full legal name, a verified email address, a secure password, and your primary residential address. Furthermore, to comply with Anti-Money Laundering (AML) directives, we collect government-issued identification numbers and documents (such as a valid driver's license or passport) prior to authorizing any withdrawal of funds or payout of winnings.

1.2 Automatically Tracked Data

When you interact with the Classic Lotto platform, our servers automatically log essential technical data to ensure session security and system integrity. This automated collection encompasses your IP address, browser type and version, operating system, and the specific timestamps of your login events and ticket purchases. This data is utilized exclusively for anti-fraud monitoring and maintaining the operational stability of the platform, never for external profiling.

2. Usage Policies: Operations and Compliance Sharing

We do not sell, rent, or commercialize your personal information. The data we collect is utilized strictly within the operational parameters required to deliver our syndicate services safely.

2.1 Core Operational Usage

Your information is used to process your entry purchases, allocate your syndicate shares, calculate and distribute payouts accurately, and provide necessary customer support. We also use your email to send legally required notices, cryptographic draw receipts, and security alerts regarding your account.

2.2 Third-Party Integrations and Compliance Sharing

To operate a secure financial platform, we must share limited data with audited third-party partners. This includes regulated payment gateways (to process deposits and withdrawals) and certified identity verification services (to perform instant KYC checks). Additionally, we are legally obligated to disclose information to Australian law enforcement or regulatory bodies (such as AUSTRAC) if compelled by a lawful subpoena or if we detect patterns indicative of financial crime or fraud.

3. User Rights: Access, Modification, and Deletion Protocols

Under the Australian Privacy Principles, you maintain explicit rights regarding the personal data we hold. Classic Lotto provides structured pathways for you to exercise these rights efficiently.

  • Right of Access: You may request a complete, machine-readable export of the personal data linked to your account. This includes your transaction history and verified identity documents.
  • Right of Rectification: You may update inaccurate information. Note that changing core identity details (such as your legal name) will trigger a secondary KYC verification process to ensure ongoing compliance.
  • Right to Erasure (Deletion): You may request the deletion of your account and associated data. Please refer to Section 4 regarding mandatory retention periods that supersede this right.

To initiate any of these requests, you must contact our Data Protection Officer directly via email at privacy@classic-lotto.com. Requests are typically processed within 14 business days following successful identity verification.

4. Data Retention: Timelines for Secure Purging

We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this policy, or as mandated by statutory requirements.

While an account remains active, all associated data is retained to provide uninterrupted service. Upon an account closure request, marketing and non-essential session data is purged within 30 days. However, due to strict Australian financial regulations and anti-money laundering laws, core transactional data and verified identity records must be retained in a securely archived state for a minimum period of seven (7) years following the closure of the account. Once this statutory period expires, the data is permanently and irrecoverably destroyed using certified cryptographic erasure protocols.