1. Introduction
Score A Million Limited (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains:
- What personal data we collect
- How we use your data
- Who we share it with
- How long we keep it
- Your rights under UK GDPR
We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Personal Data We Collect
We collect the following categories of personal data:
2.1 Identity Data
- Full name
- Date of birth
- Email address
- Phone number (if provided)
- Proof of identity documents (for verification purposes)
2.2 Account Data
- Username and password (hashed)
- Login history and session data
- Competition entries and predictions
- Account preferences and settings
2.3 Financial Data
- Wallet balance and transaction history
- Entry fees paid
- Prizes won and withdrawn
- Payment method details (processed by our payment provider - we do not store full card details)
2.4 Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Time zone and location data
- Page interaction data (clicks, time on page)
2.5 Communications Data
- Contact form submissions
- Customer support inquiries
- Email correspondence
3. How We Use Your Personal Data
We use your personal data for the following purposes:
3.1 To Operate Competitions
- Register and manage your account
- Process competition entries
- Calculate scores and determine winners
- Award prizes and manage wallet balances
3.2 To Process Payments & Withdrawals
- Process entry fee payments
- Transfer prize winnings to your wallet
- Process withdrawal requests
- Comply with financial recordkeeping requirements
3.3 For Security & Fraud Prevention
- Verify your identity and age
- Detect and prevent fraud, collusion, or cheating
- Monitor for suspicious activity
- Enforce our Terms & Conditions
3.4 For Customer Support
- Respond to your inquiries
- Resolve disputes or complaints
- Provide technical support
3.5 For Legal & Regulatory Obligations
- Comply with UK financial regulations
- Respond to legal requests or court orders
- Maintain records as required by law
3.6 To Improve Our Platform (Optional)
- Analyze usage patterns (anonymized where possible)
- Test new features
- Improve user experience
4. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis to process your personal data. We rely on:
4.1 Contractual Necessity
Processing is necessary to perform our contract with you (e.g., operating competitions, processing payments).
4.2 Legitimate Interest
Processing is necessary for our legitimate interests (e.g., fraud prevention, security monitoring, improving our service) provided it does not override your fundamental rights.
4.3 Legal Obligation
Processing is necessary to comply with UK law (e.g., financial recordkeeping, age verification).
4.4 Consent
Where required, we will ask for your explicit consent (e.g., marketing emails). You can withdraw consent at any time.
5. Who We Share Your Data With
We do NOT sell your personal data to third parties. We may share your data with:
5.1 Service Providers
- Payment processors (e.g., Braintree, Stripe) - to process transactions
- Email service providers - to send account and competition emails
- Cloud hosting providers - to host our Platform and database
- Analytics providers - to understand Platform usage (anonymized where possible)
5.2 Fraud Prevention Services
We may share data with fraud detection and prevention services to protect the integrity of our Platform.
5.3 Legal & Regulatory Authorities
We may disclose your data if required by law, court order, or to protect our legal rights.
5.4 Data Processor Safeguards
All third-party service providers are required to:
- Process your data only as instructed by us
- Implement appropriate security measures
- Comply with UK GDPR
6. How Long We Keep Your Data
We retain your personal data only as long as necessary for the purposes outlined in this Policy.
Retention Periods
- Active accounts: Data retained while your account is active
- Closed accounts: Data deleted within 30 days of closure, except:
  - Financial records: Retained for 7 years (UK legal requirement)
  - Fraud/dispute records: Retained for 7 years
- Marketing data: Deleted immediately upon opt-out
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
7.1 Right to Access
Request a copy of the personal data we hold about you.
7.2 Right to Rectification
Request correction of inaccurate or incomplete data.
7.3 Right to Erasure (“Right to be Forgotten”)
Request deletion of your data (subject to legal retention requirements).
7.4 Right to Restrict Processing
Request that we limit how we use your data.
7.5 Right to Data Portability
Receive your data in a structured, machine-readable format.
7.6 Right to Object
Object to processing based on legitimate interests or for marketing purposes.
7.7 Right to Withdraw Consent
Withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, please contact us using the details in Section 11.
8. Cookies & Tracking
We use cookies to enhance your experience on the Platform.
8.1 Essential Cookies
Required for the Platform to function (e.g., authentication, session management). These cannot be disabled.
8.2 Analytics Cookies (Optional)
Help us understand how users interact with the Platform. You can opt out at any time.
For more information, see our Cookie Policy (available in account settings).
9. Data Security
We implement industry-standard security measures to protect your personal data:
- Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
- Access controls: Role-based access with multi-factor authentication
- Password hashing: Passwords hashed using Argon2
- Regular audits: Periodic security reviews and penetration testing
- Monitoring: Automated alerts for suspicious activity
While we take security seriously, no system is 100% secure. Please use a strong, unique password and enable multi-factor authentication when available.
10. International Data Transfers
We primarily store data within the UK. If we transfer data outside the UK, we ensure:
- The destination country has adequate data protection laws, or
- We use Standard Contractual Clauses approved by the UK ICO
11. Contact Us & Complaints
Data Protection Queries
For privacy or data protection questions:
📧 Email: Contact Form
Subject line: “Data Protection Request”
Right to Lodge a Complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Phone: 0303 123 1113
12. Children's Privacy
Our Platform is NOT intended for children under the age of 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- The “Last Updated” date will be revised
- Material changes will be communicated via email or Platform notice
- Continued use after changes constitutes acceptance
Your privacy matters to us. We are committed to transparency and compliance with UK data protection laws. If you have questions or concerns, please don't hesitate to contact us.