Privacy Policy | WinUTrips

This Privacy Policy explains how WinUTrips Ltd ("we", "us", or "our") collects, uses, shares, and protects your personal data when you use our website and services. We are committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Introduction

WinUTrips operates a prize competition platform for travel experiences and event tickets. This policy applies to all personal data we collect through our website, mobile applications, and related services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

WinUTrips Ltd is the data controller for your personal data.

Company Name: WinUTrips Ltd
Registered in: England and Wales
Email: privacy@winutrips.com
Address: Unit 14 Skyline House, 200 Union Street, London, SE1 0LX, United Kingdom

3. Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

Account Information: Name, email address, password, date of birth, phone number
Profile Information: Display name, avatar
Transaction Information: Competition entries, ticket purchases, payment details (processed securely by Stripe)
Communication Information: Messages you send us, customer support enquiries

3.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, device identifiers
Usage Information: Pages visited, features used, time spent on site, referral sources
Location Information: General location based on IP address

3.3 Information from Third Parties

OAuth Providers: If you sign in with Google, we receive your name, email, and profile picture
Payment Processor: Stripe provides transaction status and fraud prevention data

4. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery: To create and manage your account, process ticket purchases, conduct draws, and deliver prizes
Communication: To send order confirmations, draw results, account notifications, and respond to enquiries
Legal Compliance: To verify your age and eligibility, comply with gambling regulations, and maintain audit records
Security: To detect and prevent fraud, protect against abuse, and ensure platform security
Improvement: To analyse usage patterns, improve our services, and develop new features
Marketing: With your consent, to send promotional communications about new competitions

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Contract: Processing necessary to provide our services and fulfil our agreement with you
Legal Obligation: Processing required to comply with UK gambling laws, tax regulations, and consumer protection laws
Legitimate Interests: Processing for fraud prevention, security, service improvement, and business operations
Consent: Marketing communications and non-essential cookies (you may withdraw consent at any time)

7. Data Retention

We retain your personal data for the following periods:

Account Data: For as long as your account is active plus 6 years after closure (for legal and tax purposes)
Transaction Records: 7 years (as required by UK tax law)
Draw Records: Indefinitely (for regulatory compliance and dispute resolution)
Marketing Data: Until you withdraw consent or unsubscribe
Analytics Data: 26 months (anonymised after this period)

8. Your Rights

Under UK GDPR, you have the following rights:

Right of Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data (subject to legal retention requirements)
Right to Restrict Processing: Request limitation of how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise your rights, please contact us at privacy@winutrips.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encryption of data in transit (HTTPS/TLS)
Encryption of data at rest
Secure password hashing (scrypt)
Regular security assessments
Access controls and authentication
Audit logging of sensitive operations

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. International Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, such as:

Transfers to countries with UK adequacy decisions
Standard Contractual Clauses approved by the ICO
Binding Corporate Rules for transfers within corporate groups

12. Children's Privacy

Our services are only available to individuals aged 18 or over. We do not knowingly collect personal data from children under 18. If we discover that we have collected data from someone under 18, we will delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@winutrips.com
Post: WinUTrips Ltd, Unit 14 Skyline House, 200 Union Street, London, SE1 0LX, United Kingdom

Last updated: 10 February 2026Questions? privacy@winutrips.com