This Privacy Policy explains how CmC Digital Pty Ltd (ABN 99 838 153 483) (“we”, “us”, “our”) collects, uses, holds and discloses personal information in connection with the Raffle Hat App and any related websites or services (the “App”). We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).
By downloading, installing or using the App you acknowledge that you have read and understood this Privacy Policy.
01 About the App
The Raffle Hat App is a platform that allows eligible organisations and individuals (“Organisers”) to conduct raffles, prize draws and similar promotions, and allows users (“Participants”) to purchase tickets and enter those raffles. We act as the platform operator. Organisers are responsible for the lawful conduct of their raffles, including obtaining all required permits and licences.
This Privacy Policy covers personal information we collect from both Organisers and Participants.
02 What we collect
We collect only the information needed to operate the App and comply with our legal obligations.
From all users
- Name, email address, phone number, date of birth (for age verification 18+) and password or third-party sign-in identifier (e.g. Sign in with Apple).
- Device and usage data: device model, operating system version, App version, language, IP address, crash logs, diagnostic data and aggregated usage analytics.
- Communications with our support team.
- An anonymous in-App identifier and, where you have consented in iOS settings, an Identifier for Advertisers (IDFA).
From Participants who purchase tickets
- Billing name and address.
- Payment information processed by our PCI-DSS compliant payment provider (e.g. Apple In-App Purchase, Stripe). We do not store full payment card numbers on our systems.
- Transaction history (raffles entered, tickets purchased, amounts paid).
- Prize delivery details where you win a prize (postal address, contact details).
- Where required by law, identity verification information (e.g. proof of age, proof of identity for prize claims above regulated thresholds).
From Organisers
- Business name, ABN/ACN, registered address, contact details, banking and payout information.
- Permit and licence numbers, charitable status documentation and supporting evidence required by state/territory gambling regulators.
- Director and authorised representative details for KYC and AML checks.
We do not intentionally collect sensitive information (as defined by the Privacy Act).
03 How we collect it
We collect information directly from you when you register, purchase tickets, host a raffle, claim a prize or contact us. We collect device and usage data automatically through trusted analytics and crash-reporting providers (see Section 6). We may also receive information from Apple if you use Sign in with Apple, from our payment processors and from third-party identity verification providers.
04 Why we collect, hold and use your information
We collect and use your personal information to:
- create and manage your account and verify that you are 18 years or older;
- enable Participants to discover, enter and pay for raffles;
- enable Organisers to host raffles, manage entries, conduct draws and notify winners;
- process payments, payouts and refunds;
- contact winners, verify their identity where required by law and arrange delivery of prizes;
- comply with anti-money laundering, counter-terrorism financing, gambling regulator and tax reporting obligations;
- detect, prevent and address fraud, abuse, multi-accounting, security incidents and breaches of our Terms;
- support responsible gaming, including identifying and acting on signs of problem gambling;
- improve the App through analytics, A/B testing and crash reporting;
- send transactional and service communications (e.g. ticket confirmations, draw results, account notices);
- comply with our legal obligations and respond to lawful requests from regulators and law enforcement.
If we propose to use your personal information for a materially different purpose, we will seek your consent or otherwise comply with the APPs.
05 If you don’t provide information
You can browse limited public information about active raffles without an account. To create an account, purchase tickets, host a raffle or claim a prize, we require certain information (such as date of birth, contact details and, for prize claims above regulated thresholds, identity verification). If you choose not to provide this information, we will not be able to provide those services to you.
06 Disclosure to third parties
We disclose personal information to:
- Payment processors and financial institutions (e.g. Apple, Stripe) to process ticket purchases, payouts and refunds.
- Identity verification and AML providers (e.g. for KYC checks where prize values trigger statutory thresholds).
- Organisers of raffles you enter we share limited information needed for the Organiser to manage their raffle and contact winners (typically name, email and ticket numbers, plus delivery details where you win).
- Cloud hosting and infrastructure providers (e.g. AWS, Google Cloud, Microsoft Azure).
- Analytics and crash reporting providers (e.g. Apple App Analytics, Firebase Analytics, Firebase Crashlytics, Sentry).
- Customer support and communications providers.
- Regulators, including state and territory gambling regulators, the OAIC, AUSTRAC and the Australian Taxation Office, where required or authorised by law.
- Law enforcement and other parties where required or authorised by law, or where reasonably necessary to protect our rights, your safety or the safety of others.
- Professional advisers (lawyers, accountants, auditors) under confidentiality obligations.
- Acquirers in the event of a corporate transaction such as a merger, acquisition or asset sale, subject to standard confidentiality protections.
We do not sell your personal information.
07 Cross-border disclosure
Some of our service providers may store or process your information outside Australia, including in the United States, the European Union, the United Kingdom and Singapore. Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs, except where an exception applies.
08 How we hold and protect your information
We hold information in secure cloud environments operated by reputable providers. We use technical and organisational safeguards including encryption in transit (TLS), encryption at rest, multi-factor authentication for staff, role-based access controls, audit logging and regular review of our security practices. Payment card data is handled by PCI-DSS compliant providers and is not stored on our servers.
No system is completely secure. If you suspect unauthorised access to your account, contact us immediately at support@rafflehat.com.au.
09 Data retention
We retain personal information only for as long as needed for the purposes set out in this policy or as required by law. In particular:
- Transactional records (ticket purchases, draws, payouts, prize awards) are retained for at least 7 years to comply with tax, AML and gambling regulator record-keeping obligations.
- Account data is retained while your account is active and for a reasonable period after deletion.
- Identity verification records are retained for the period required by AML/CTF law (typically 7 years).
- Diagnostic and analytics data is typically retained for up to 14 months in identifiable form.
- Self-exclusion and problem-gambling records are retained for the period required to give effect to the exclusion.
You may request deletion of your data at any time (see Section 11), subject to these legal retention requirements.
10 Children
The App is strictly 18+. We do not knowingly collect personal information from anyone under 18. Accounts found to belong to a person under 18 will be closed and any prizes forfeited in accordance with our Terms. If you believe a child has provided us with personal information, contact us and we will delete it.
11 Your rights access, correction and deletion
Under the APPs you may:
- Access the personal information we hold about you;
- Correct information that is inaccurate, out of date, incomplete, irrelevant or misleading;
- Request deletion of your account and associated data, subject to the legal retention requirements in Section 9;
- Withdraw consent for optional collection (such as analytics) where consent was the basis for collection;
- Self-exclude from the App at any time (see Section 13).
To make a request, email [privacy@rafflehat.com.au]. We will respond within a reasonable period (generally 30 days) and may ask you to verify your identity. There is no charge to access your information, although a reasonable cost-recovery fee may apply for large requests.
13 Responsible gaming and self-exclusion
We are committed to responsible gaming. You can request self-exclusion (a temporary or permanent block on participating in raffles through the App) at any time by emailing support@rafflehat.com.au or using the in-App tools. We may also impose limits or exclusions where we identify behaviour consistent with problem gambling. For free, confidential support, contact:
- Gambling Help Online:https://www.gamblinghelponline.org.au 1800 858 858 (24/7)
- Lifeline: 13 11 14
14 Direct marketing
We may send you transactional and service messages (e.g. ticket confirmations, draw results). With your consent, we may also send promotional messages about new raffles or features. You can opt out of marketing at any time using the unsubscribe link in any message or by contacting us. We comply with the Spam Act 2003 (Cth) and the Privacy Act.
15 Notifiable Data Breach scheme
We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988. If we experience an eligible data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (“OAIC”) as soon as practicable.
16 Complaints
If you believe we have breached the APPs or mishandled your information, please contact us first at [privacy@rafflehat.com.au]. We will investigate and respond within 30 days. If you are not satisfied, you may lodge a complaint with the OAIC:
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992
- Mail: GPO Box 5288, Sydney NSW 2001
17 Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the latest revision. Material changes will be notified through the App or by email. Continued use of the App after changes take effect constitutes acceptance.
18 Contact us
CmC Digital Pty Ltd
- Address: Suite 302 / 19A Boundary Street,Darlinghurst, NSW, 2010
- ABN: 99 838 153 483
- Privacy Officer: privacy@rafflehat.com.au
- General support: support@rafflehat.com.au
- Website: https://www.rafflehat.com.au
