Privacy policy
How we collect, use, store and share your personal data. Last updated: 18 May 2026.
1. Who we are
The data controller for trymyluck.co.uk is Thames Network Limited (company no. 08207668), registered at Unit 50 New Lydenburg Street, London, SE7 8NE. ICO registration number: [ICO REF].
Our Data Protection contact: privacy@trymyluck.co.uk.
2. What data we collect
- Account data: name, email, phone, date of birth, postal address.
- Entry data: which competitions you entered, when, how many entries, your skill answer, your entry ID.
- Payment data: handled by [STRIPE]; we store only the last 4 digits of your card and the transaction ID, not the full card number.
- Verification data (winners only): ID document scan, proof of address.
- Communications: emails you send us, support tickets.
- Technical data: IP address, browser, device, pages visited, referrer.
3. Why we collect it (lawful basis)
| Purpose | Lawful basis |
|---|---|
| Running a competition you entered | Contract (Art 6(1)(b)) |
| Age and identity verification of winners | Legal obligation + contract |
| Fraud prevention | Legitimate interest (Art 6(1)(f)) |
| Marketing emails about new competitions | Consent (you can opt out anytime) |
| Accounting and tax records | Legal obligation |
4. Who we share it with
- Payments: Stripe (USA - under Standard Contractual Clauses)
- Email delivery: [SENDGRID / POSTMARK / OTHER]
- Hosting: [CLOUDFLARE / NETLIFY / OTHER]
- Analytics: [PLAUSIBLE / FATHOM - privacy-friendly, no cookie consent required] or [GOOGLE ANALYTICS - cookie consent required]
- Identity verification of winners: [ONFIDO / VERIFF / MANUAL]
- HMRC, regulators, law enforcement: if legally required
We do not sell your personal data to anyone.
5. How long we keep it
- Account data: while your account is active, plus 7 years after closure (HMRC).
- Entry records: 12 months after the draw, then anonymised.
- Winner ID verification documents: 12 months after the draw, then deleted.
- Marketing consent records: until you withdraw consent, plus 12 months.
- Accounting records: 7 years (HMRC requirement).
6. Your rights
Under UK GDPR you have the right to:
- Access a copy of your personal data ("subject access request")
- Have inaccurate data corrected
- Have your data deleted (subject to legal retention requirements)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (for consent-based processing)
- Complain to the Information Commissioner's Office at ico.org.uk
Email privacy@trymyluck.co.uk to exercise any of these. We will respond within one calendar month.
7. Cookies
We use these cookies:
- Essential (no consent required): session cookie, age-gate cookie, CSRF token, Stripe checkout cookie.
- Analytics (consent required if non-anonymous): [list any].
- Advertising / tracking: we do not currently use any.
8. Security
Data is encrypted in transit (HTTPS/TLS 1.3) and at rest. ID documents for winners are stored in a separate encrypted bucket with access restricted to the verification team and deleted after 12 months. We follow the National Cyber Security Centre's Cyber Essentials baseline.
9. International transfers
Some of our processors (e.g. Stripe) are based in the United States. Transfers are made under the UK Addendum to the EU Standard Contractual Clauses. The full list of processors and their locations is in section 4.
10. Changes to this policy
We may update this policy. The current version is always at this URL, with a "last updated" date at the top. Material changes will be communicated to active account holders by email.