At www.thesecretstorydraw.org, we are committed to respecting your privacy and protecting your personal data. This privacy and cookies policy (“Policy”) sets out how we use data relating to you and applies to all use of your personal data by THE SECRET STORY DRAW LIMITED, a not-for-profit company registered in England and Wales with company number 12985720 and registered address 8th Floor New England House, New England Street, Brighton BN1 4GH (“we”, “us” or “our”).

This Policy sets out the basis on which any personal data we collect from you, or that you provide to us through our website at https://www.thesecretstorydraw.org/ (the “Website”) will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We will only collect and process information about you in accordance with this Policy and we will only use information collected about you in accordance with applicable data protection laws including the EU General Data Protection Regulation 2016 (“GDPR”) and the UK Data Protection Act 2018. Where we decide the purpose or means for the processing of the personal data that you provide when using our Website, we are the “data controller” for the purposes of the GDPR.

You have the right to object to the processing of your personal data, including where your personal data is being processed for direct marketing purposes. Further information on this right, and your other rights, is set out below.
If you have any concerns over privacy, or this Policy contact us at: hello@thesecretstorydraw.org.

1.1 The table below explains what data we collect, how we use it, and which recipients it might be shared with.

2.1 You have certain rights over the way we process personal data relating to you. We aim to comply without undue delay, and within one month at the latest, in response to any requests submitted by you to us:
• for a copy of personal data we are processing about you and/or to have inaccuracies corrected;
• to restrict, stop processing, or to delete your personal data;
• for a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
• to make a complaint to a data protection regulator. You may contact them at: https://ico.org.uk/concerns/.
2.2 To make a request in relation to any of the aforementioned rights, please send your request to hello@thesecretstorydraw.org.
2.3 You may request deletion of your account by sending an e-mail to: hello@thesecretstorydraw.org. Please note that some information may remain in our private records after deletion of your account. We may use any aggregated data derived from or incorporating your personal data after you delete your account but not in any manner that would identify you personally.

3.1 We will share your personal data with third parties only in the ways that are described in this policy.
3.2 Group, suppliers, subcontractors, service providers. We keep your personal data confidential, but may disclose it to any member of our personnel, email marketing suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Policy.
3.3 Government authorities. In addition, we may disclose your personal data to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
3.4 Enforcement. We may also disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches, or to protect the rights, property or safety of us, our personnel or others.
3.5 We only permit our suppliers and subcontractors to process your personal data for specified purposes and in accordance with our instructions. All our third-party service providers are required to take appropriate security measures to protect your personal data.

4.1 We will only hold data about you for as long as necessary, bearing in mind the purpose for which that data was collected, or as otherwise described in this Policy.
4.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

5.1 We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Website taking into account the likelihood and severity those risks might pose to the rights and freedoms of our Website visitors and customers.
5.2 In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the personal data transmitted, stored or otherwise processed by us.

6.1 We are a UK Company and our servers are located in the EEA and your personal data will be stored in these servers.
6.2 There are agreements in place to ensure that personal data is processed using appropriate safeguards that meet the requirements of data protection laws. Such appropriate safeguards may include standard data protection clauses adopted by a data protection regulator and approved by the European Commission, such as the European Commission's standard contractual clauses.
6.3 If you would like to find out more about these safeguards or if you have any other queries or comments in relation to this Policy, please let us know by emailing us at: hello@thesecretstorydraw.org.

7.1 If you follow a link from the Website to any third party websites, you should be aware that those websites may have their own privacy policies. We do not accept any responsibility or liability for those websites. Please check the policies of any third party websites before submitting any personal data to those websites.
7.2 We may make changes to this Policy in the future, which will be posted on this page. You should check this page from time to time to ensure you are aware of any changes. Where appropriate we may notify you of changes by email.
7.3 All questions, comments or enquiries should be directed to us. We will try to respond to you within 48 hours.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

.