Effective date: 2026-02-22
1. Information we collect
We collect account information, attendance records, and eligibility status data necessary to provide evidence of active participation and operate the service. This may include data relating to player, store, and site accounts, as applicable to service functions. We also collect and retain system log data reasonably required for security, administration, and support purposes. This includes but is not limited to IP addresses, system access logs, session records, and technical diagnostic data. Such data may be retained for extended periods as reasonably necessary for compliance, regulatory, investigative, or safeguarding purposes.
2. Lawful access and disclosures
We may disclose or provide access to relevant information to law enforcement agencies and UK border agencies where required or permitted by applicable law. This includes responding to lawful requests, investigations, regulatory enquiries, and compliance checks relating to RIF eligibility and use. Where lawful and operationally appropriate, designated police users may be granted controlled access to relevant system functions and records for the purpose of verifying a user's eligibility to own or purchase a RIF. You acknowledge and consent to such access by law enforcement as a condition of use. We may also disclose personal data to other authorised government bodies, public authorities, regulatory bodies, and other competent organisations where required for statutory compliance, crime prevention, safeguarding children and vulnerable persons, or public safety purposes. Such disclosures may occur without notice and without your further consent.
3. How we use information
Personal data is used to verify eligibility for RIF purchases, provide player-to-player proof, and support checks carried out by authorised retailers, stores, and sites. We process personal data only as necessary for service operation, integrity, and compliance purposes across relevant account types. We may also use information for system administration, fraud detection, compliance monitoring, enforcement of these Terms, prevention of illegal activity, and in response to legal processes or requests from law enforcement or other authorities. We may analyse and use aggregated or anonymised information for statistical, compliance, and operational improvement purposes.
4. Lawful basis and processing
Personal data is processed as necessary to provide and administer the service, satisfy compliance obligations, protect the integrity of eligibility checks, and protect the safety and rights of individuals and the public. Access to personal data is restricted to users who require such access for authorised operational, support, compliance, or security functions. We may impose additional data processing restrictions or access controls to ensure compliance with regulatory requirements. The processing of personal data is necessary for the performance of a contract, compliance with legal obligations, protection of vital interests, and performance of tasks carried out in the public interest or official authority vested in us.
5. Sharing and access
Access to personal data is limited to authorised administrators, retailers, stores, sites, police, law enforcement agencies, and other competent bodies that use the service to confirm eligibility, manage related account operations, conduct investigations, or perform statutory functions. We do not sell personal data. We do not share personal data for independent marketing purposes, nor do we conduct profiling for commercial purposes. We may share personal data with service providers, contractors, and technical partners who process data on our behalf under binding confidentiality obligations. Any such disclosures are made only where necessary for service operation and are subject to contractual protections and confidentiality requirements.
6. Data retention
Personal data is retained only for as long as reasonably necessary to provide the service and to meet applicable operational, legal, regulatory, and statutory requirements. Data relating to eligibility determinations, attendance records, and eligibility status may be retained indefinitely as it constitutes official record-keeping essential to the service's compliance function. You may request correction of inaccurate or incomplete personal data, provided such correction does not compromise the integrity of eligibility records or regulatory compliance. Where correction is requested, we may retain the original data and maintain a record of the correction for audit and compliance purposes.
7. Data minimization
We apply data minimisation principles and collect only personal data reasonably necessary for eligibility checks, proof of participation, and account administration. However, we maintain the discretion to collect additional data where reasonably necessary for compliance, security, fraud prevention, law enforcement cooperation, or safeguarding purposes. We do not collect personal data for advertising or unrelated profiling activities, except that we may conduct aggregated or anonymised statistical analysis for operational and compliance purposes.
8. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, use, alteration, disclosure, or loss. Although no system can guarantee absolute security, we continually review and improve our safeguards. For security, accountability, compliance, and investigative purposes, we maintain comprehensive audit logs that record access to and updates of user profile data, including user identifiers, timestamps, relevant action details, and originating IP addresses, including actions affecting player, store, and site profiles. These logs are used to monitor system integrity and to detect, investigate, and respond to suspected unauthorised access, misuse, or fraud. Audit logs may be retained for extended periods and may be disclosed to law enforcement, regulatory authorities, or other competent bodies where required or permitted by law, and may be used as evidence in investigations, enforcement actions, or proceedings. You waive any claim of confidentiality or privilege regarding audit logs.
9. Your rights
Subject to applicable law and the legitimate interests of law enforcement, regulatory bodies, and public safety, you may request access to your personal data and request correction of inaccurate data. Such requests must be made in writing and may be subject to verification of your identity. We may refuse access or correction requests where such disclosure would compromise ongoing investigations, prejudice law enforcement activities, or contravene statutory restrictions on disclosure. Please contact privacy@example.com for assistance with such requests, and note that processing of requests may take up to 30 days.
10. Contact and complaints
For privacy-related enquiries, requests, or complaints, please contact privacy@example.com. If you believe your privacy rights have been violated, you have the right to lodge a formal complaint with the relevant supervisory authority. This Privacy Policy is subject to change at any time and without notice. Your continued use of the service constitutes acceptance of the latest version of this Privacy Policy. Where material changes are made, we will endeavour to communicate such changes, but it remains your responsibility to review this Privacy Policy regularly.
For any questions regarding this Privacy Policy, please contact privacy@example.com.