Privacy Policy
How First Lotto AU collects, uses, and protects your personal information.
Effective Date: 1 March 2025 | Last Updated: 10 April 2026
First Lotto AU (ABN 47 382 910 654), operated by First Lotto AU Pty Ltd, is committed to protecting your privacy and handling your personal information in a responsible manner consistent with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Policy explains what information we collect, how we use it, and the choices you have.
1. Who We Are
First Lotto AU Pty Ltd is registered in Victoria, Australia. Our registered address is 120 Collins Street, Melbourne VIC 3000, Australia. You can contact our Privacy Officer at [email protected] or by calling +61 3 9642 7391 during business hours (Monday to Friday, 9:00 AM – 5:30 PM AEST).
2. Personal Information We Collect
We may collect the following categories of personal information from you:
- Identity data: Full name, date of birth, and proof of age documents used for age verification.
- Contact data: Email address, phone number, and residential address within Australia.
- Account data: Username, encrypted password, account preferences, and transaction history.
- Financial data: Payment card details (tokenised via our payment gateway), bank account details for prize payouts, and transaction records.
- Usage data: IP address, browser type, operating system, pages visited, session duration, and clickstream data collected via cookies and similar technologies.
- Communications data: Records of correspondence you send us, including support requests and feedback submissions.
We do not knowingly collect sensitive information (as defined under the Privacy Act) unless it is reasonably necessary and you have provided your consent.
3. How We Collect Personal Information
We collect personal information through the following channels:
- Directly from you when you register an account, enter a draw, or contact us.
- Automatically via cookies, web beacons, and analytics tools when you browse our website.
- From third parties such as payment processors, identity verification services, and fraud prevention providers.
4. Purpose of Collection and Use
We use your personal information for the following purposes:
- To create and manage your player account and verify your identity and age.
- To process ticket entries, draw participation, and prize payments.
- To send transactional communications (draw confirmations, results, payout receipts).
- To send promotional communications where you have opted in to receive them.
- To comply with our responsible gambling obligations, including monitoring for problem gambling indicators.
- To detect, prevent, and investigate fraudulent or unauthorised activity.
- To improve our website functionality and user experience through analytics.
- To comply with applicable laws, court orders, and regulatory requirements.
5. Disclosure of Personal Information
We may share your personal information with third parties only where necessary and permitted by law:
- Payment processors: Stripe Australia and Pty Ltd for secure payment handling.
- Identity verification providers: For age and identity confirmation as required by regulation.
- IT service providers: Cloud hosting, email delivery, and analytics platforms operating under data processing agreements.
- Regulators and law enforcement: Where required by law or a lawful request from a government authority.
- Responsible gambling bodies: Where we are obligated to report concerns about a player’s gambling behaviour.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
6. Overseas Disclosure
Some of our third-party service providers may process data outside of Australia (for example, cloud infrastructure hosted in the United States or European Union). Where this occurs, we take reasonable steps to ensure those parties are bound by privacy obligations at least equivalent to the Australian Privacy Principles.
7. Data Security
We implement industry-standard technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, or loss. These measures include 256-bit TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
8. Data Retention
We retain personal information for as long as your account is active and for a period of seven (7) years after account closure to comply with our financial record-keeping and anti-money laundering obligations. After this period, information is securely deleted or de-identified.
9. Your Rights and Access
Under the Privacy Act 1988 (Cth), you have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate, incomplete, or outdated information.
- Opt out of direct marketing communications at any time.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy.
To exercise any of these rights, please contact our Privacy Officer at [email protected]. We will respond within 30 days.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve website functionality and analyse traffic. Please refer to our Cookie Policy for full details on the types of cookies we use and how to manage your preferences.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. The revised policy will be published on this page with an updated effective date. We encourage you to review this page periodically.
12. Contact Us
For any privacy-related enquiries, please contact:
Privacy Officer, First Lotto AU Pty Ltd
120 Collins Street, Melbourne VIC 3000, Australia
Email: [email protected]
Phone: +61 3 9642 7391
You may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.