Use this as the privacy framework for UK GDPR compliance.
- Data controller
The data controller is [OctoComps legal company name], of [registered address]. If you have questions about privacy, contact privacy@octocomps.co.uk.
Need to fill in: legal entity, registered address, and privacy email.
- What data we collect
We may collect:
• Name.
• Email address.
• Date of birth.
• Home address.
• Payment status and transaction metadata.
• Purchase history.
• Wallet balance.
• Profile picture.
• Account activity and support messages.
• Technical data such as IP address, device details, and cookies.
We do not store full card details directly if payments are handled by Stripe.
Need to confirm: whether you collect phone numbers, marketing preferences, or device data.
- Why we use your data
We use your data to:
• Create and manage your account.
• Process competition entries and prizes.
• Verify age and eligibility.
• Carry out responsible gambling-style checks.
• Prevent fraud and abuse.
• Meet legal and tax obligations.
• Send marketing messages where you have opted in.
Need to confirm: whether marketing is email-only or includes SMS/push.
- Lawful bases
We rely on:
• Contract: to provide accounts, entries, and prizes.
• Legal obligation: for age checks, financial records, and compliance requirements.
• Legitimate interests: for fraud prevention, platform security, and service improvement.
• Consent: for marketing where required.
Need solicitor review: whether any processing needs a different lawful basis.
- GAMSTOP and verification checks
We may share your name and date of birth with GAMSTOP or related self-exclusion verification systems to confirm eligibility and apply self-exclusion rules. This is done to comply with legal and regulatory obligations and to support responsible play.
Need to confirm: exact wording of the check, vendor name, and whether any other verification provider is used.
- Third parties
We may share data with:
• Stripe for payment processing.
• GAMSTOP or equivalent self-exclusion services.
• Email service providers.
• Hosting and cloud providers.
• Support and analytics providers.
• Professional advisers and regulators where required.
Need to fill in: the actual names of each provider.
- Data retention
We keep personal data only as long as necessary. Financial and transaction records are typically kept for 7 years for accounting and legal purposes. Other records may be kept for shorter or longer periods depending on the purpose.
Need to confirm: your retention schedule for accounts, marketing, support tickets, and inactive users.
- Your rights
You may have rights to:
• Access your data.
• Correct inaccurate data.
• Erase data in some cases.
• Restrict processing.
• Object to processing.
• Request data portability.
• Withdraw consent for marketing.
Need to fill in: the exact procedure for rights requests and identity verification.
- Cookies
We use cookies and similar technologies for:
• Session management.
• Age gate functionality.
• Cart and checkout features.
• Security.
• Analytics, if enabled.
Need to confirm: whether you use analytics or advertising cookies.
- Marketing
We only send marketing where permitted by law, usually on an opt-in basis. You can unsubscribe at any time by following the link in the message or by contacting us at privacy@octocomps.co.uk.
Need to confirm: whether you send SMS marketing or just email.
- International transfers
If any service provider processes data outside the UK, we will ensure appropriate safeguards are in place.
Need to confirm: whether any providers are hosted outside the UK.
- Complaints
You can complain to us directly first. You also have the right to complain to the UK Information Commissioner’s Office.
Need to confirm: complaint contact details and internal handling process.
What you still need
Here is the short checklist of missing items:
• Legal company name.
• Registered address.
• Company number.
• Privacy email.
• Support email.
• Free-entry route method and instructions.
• Ticket caps per competition.
• Winner notification and claim deadlines.
• Whether prizes can ever have cash alternatives.
• Wallet/cashback/charity mechanics.
• Refund and cancellation policy.
• Exact third-party providers.
• Retention periods.
• Marketing channels used.
• Any age-verification provider besides GAMSTOP.
Important caution
The free entry route is the most legally critical part and should be reviewed by a UK solicitor before launch. The same is true for the wallet wording, cashback mechanics, and any language that could make the site look like gambling rather than a prize competition.