Privacy Policy
1. Introduction
Welcome to PrizeCardHub’s Privacy Policy.
PrizeCardHub (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website or enter our competitions.
It also informs you about your rights under data protection law and how those rights are protected.
This website is not intended for children, and we do not knowingly collect data relating to anyone under 18.
2. Important Information
Purpose of this Privacy Policy
This Privacy Policy explains how PrizeCardHub collects and processes your personal data through your use of this website, including any data you provide when you:
create an account,
enter a competition,
sign up to receive marketing, or
consent to us taking and publishing photographs if you win.
This Privacy Policy supplements other notices and policies we may provide on specific occasions.
Controller
PrizeCardHub is the controller of your personal data.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions about this Privacy Policy.
Contact details:
Legal entity name: PrizeCardHub
Email: info@prizecardhub.com
Postal address:
PrizeCardHub
Office 1403
92 Castle Street
Belfast
Northern Ireland
BT1 1HE
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection (www.ico.org.uk). However, we would appreciate the chance to resolve your concerns before you contact the ICO.
3. Changes to this Policy
We keep this Privacy Policy under review. This version was last updated in September 2025.
It is important that the personal data we hold about you is accurate and up to date. Please notify us if your personal data changes during your relationship with us.
4. Third-Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your data. We are not responsible for the privacy practices of those third parties, and we encourage you to read their privacy policies.
5. The Data We Collect
We may collect, use, store, and transfer the following categories of personal data:
Identity Data: first name, last name, date of birth, username, title, and photographs.
Contact Data: billing address, delivery address, email address, phone number.
Financial Data: payment card and bank details (processed securely by our payment provider).
Transaction Data: competition entries, order history, and payments.
Technical Data: IP address, browser type, operating system, device type, and cookies.
Profile Data: login details, competition history, preferences, and survey responses.
Usage Data: information on how you use our website and competitions.
Marketing & Communications Data: your marketing preferences and communication settings.
We may also collect Aggregated Data (statistical/demographic information). Aggregated Data is not personal unless combined with identifiable information.
We do not collect sensitive data (such as health, political, or biometric data) unless explicitly consented (e.g., a winner’s photo that reveals ethnicity or health information).
6. If You Fail to Provide Data
If you do not provide data we need to perform our contract with you (e.g., competition entry details), we may not be able to process your entry or deliver a prize.
7. How We Collect Your Data
We collect data in the following ways:
Directly from you – when you:
register an account,
enter a competition,
sign up for marketing,
provide feedback,
or agree to publicity as a winner.
Automatically – via cookies and analytics when you use our site.
From third parties – including:
analytics providers (e.g., Google),
advertising networks (e.g., Facebook),
and payment processors (e.g., Trust Payments).
8. How We Use Your Data
We will only process your personal data when permitted by law, including:
Contractual necessity – to process competition entries, payments, and prize fulfilment.
Legitimate interests – to operate, improve, and market our services (provided your rights are not overridden).
Legal obligations – e.g., fraud prevention, financial compliance.
Consent – for marketing communications and use of winner photographs.
Examples of use:
managing your competition entries,
contacting winners,
preventing fraud,
publishing winner names/photos for transparency,
sending marketing updates (if opted-in).
You can withdraw consent for marketing at any time.
9. Marketing and Publicity
We may use your data to send marketing by email, SMS, or social media if you have opted in.
Winners may be required to participate in publicity (photographs, names, and towns may be published on our website and social media).
We will always ask for your explicit consent before publishing identifiable images or sensitive data.
10. Data Sharing
We may share your personal data with:
payment processors,
IT and hosting providers,
marketing/advertising platforms (where opted in),
delivery and courier services,
regulatory authorities (where legally required).
We do not sell your personal data.
11. International Transfers
If we transfer your data outside the UK, we will ensure appropriate safeguards (such as UK-approved Standard Contractual Clauses) are in place.
12. Data Security
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure. Access is limited to staff and contractors who have a business need to know.
13. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations.
Retention examples:
Account data: kept while your account is active.
Transaction records: up to 6 years (to comply with tax and legal obligations).
Marketing data: until you opt out.
14. Your Legal Rights
Under data protection laws, you have the right to:
Request access to your data.
Request correction of inaccurate data.
Request erasure of your data.
Object to processing (e.g., direct marketing).
Request restriction of processing.
Request transfer of your data.
Withdraw consent at any time (where processing is based on consent).
To exercise these rights, please contact us at info@prizecardhub.com.
15. Cookies
Our website uses cookies to improve functionality, enhance user experience, and analyse site traffic. You can set your browser to refuse cookies, but some website features may not function properly. For full details, please see our Cookie Policy.
16. How We Use Your Personal Data
We use your personal data for the purposes outlined below. Each purpose is linked to the type of data we collect and the lawful basis for processing. In some cases, we may rely on more than one legal ground depending on the activity. If you need further details, please contact us.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
Register you as a new customer | (a) Identity (b) Contact | Performance of a contract with you |
Process your competition entry, including payments and collections | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing & Communications | (a) Performance of a contract with you (b) Legitimate interests (recovering debts) |
Manage our relationship (e.g. notify changes, request feedback, surveys) | (a) Identity (b) Contact (c) Profile (d) Marketing & Communications | (a) Performance of a contract with you (b) Compliance with legal obligations (c) Legitimate interests (record-keeping, customer insight) |
Enable participation in prize draws, competitions, or surveys | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing & Communications | (a) Performance of a contract with you (b) Legitimate interests (improving and growing our business) |
| Administer and protect our business and website (IT, troubleshooting, fraud prevention, reporting) | (a) Identity (b) Contact (c) Technical | (a) Legitimate interests (business operations, IT security, fraud prevention) (b) Compliance with legal obligations |
| Deliver relevant website content and advertisements, measure effectiveness | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing & Communications (f) Technical | Legitimate interests (understanding users, improving services, marketing strategy) |
| Use data analytics to improve website, services, and user experience | (a) Technical (b) Usage | Legitimate interests (defining customer types, keeping services relevant, business development) |
| Make suggestions/recommendations for competitions or services | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing & Communications | Legitimate interests (developing services, growing business) |
17. Marketing
We aim to give you control over how your data is used for marketing.
Promotional Offers: We may use Identity, Contact, Technical, Usage, and Profile Data to determine competitions or services that may interest you. You’ll receive marketing communications if you’ve entered competitions or requested information, unless you opt out.
Third-Party Marketing: We will only share your data with third parties for marketing if you have expressly opted in.
Opting Out: You can stop receiving marketing messages at any time by contacting us.
18. Cookies Policy
You can set your browser to refuse all or some cookies, or to alert you when a website sets or accesses cookies. Please note that if you disable or refuse cookies, parts of our website may not function properly or may become inaccessible.
Our website uses cookies to:
Distinguish you from other users.
Improve your browsing experience.
Help us enhance our website and services.
A cookie is a small file of letters and numbers that we store on your browser or computer if you agree. Cookies contain information that is transferred to your device.
Types of Cookies We Use
Strictly Necessary Cookies – Required for website operation (e.g., logging in, secure areas, transactions).
Analytical/Performance Cookies – Allow us to measure traffic, track usage, and improve site navigation.
Functionality Cookies – Remember your preferences (e.g., language, region) and recognise you on return visits.
Targeting Cookies – Record your visits, pages viewed, and links followed to deliver relevant advertising. We may share this information with third parties for the same purpose.
Example: CookieYes (GDPR Cookie Consent & Compliance)
This cookie helps us manage user consent and preferences. It may be used to:
Estimate audience size and usage patterns.
Store your preferences for personalised content and offers.
Speed up searches.
Recognise you when you return to our site.
Provide convenience features, such as saving items in a basket between visits.
We do not share cookie data with third parties for their own use.
You can block cookies by adjusting your browser settings to refuse all or some cookies. However, blocking essential cookies may limit access to certain parts of our website.
Except for essential cookies, all cookies will expire after their defined retention period.
19. Change of Purpose
We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for another purpose that is compatible with the original one. If you would like an explanation of how any new processing is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where required or permitted by law.
20. Disclosures of Your Personal Data
We may share your personal data with the parties listed below for the purposes set out in the section titled “Purposes for which we will use your personal data.”
External Third Parties
Service providers in the UK acting as processors who provide payment processing, IT, and system administration services.
Professional advisers in the UK (acting as processors or joint controllers), including lawyers, bankers, auditors, and insurers, who provide consultancy, banking, legal, insurance, and accounting services.
HM Revenue & Customs, regulators, and other UK authorities (acting as processors or joint controllers) who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and permit them to process it only for specified purposes and in line with our instructions.
21. International Transfers
We do not transfer your personal data outside the UK.
If this changes in the future, we will inform you and explain the safeguards we use to protect your data.
22. Data Security
We have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way.
Access to your personal data is limited to employees, agents, contractors, and other third parties who have a legitimate business need. They will process your data only on our instructions and are subject to a duty of confidentiality.
We also maintain procedures to handle any suspected personal data breach and will notify you and any applicable regulator where legally required.
23. Data Retention
How Long We Keep Your Data
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, tax, accounting, or reporting requirements.
We may retain data for longer if:
There is an ongoing complaint, or
We reasonably believe there is a likelihood of litigation concerning our relationship with you.
When determining retention periods, we consider:
The amount, nature, and sensitivity of the data.
The risk of harm from unauthorised use or disclosure.
The purposes for which we process the data and whether those purposes can be achieved in other ways.
Legal, regulatory, tax, and accounting obligations.
By law, we must keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers, for tax purposes.
In some cases, you can ask us to delete your data (see Your Legal Rights below).
In others, we may anonymise your data so that it can no longer be linked to you. We may use such anonymised data indefinitely for research or statistical purposes without further notice.
24. Your Legal Rights
Under data protection law, you have the right to:
Request access to your personal data (“data subject access request”) to receive a copy and check we are processing it lawfully.
Request correction of incomplete or inaccurate data we hold about you.
Request erasure of your personal data, where there is no valid reason for us to continue processing it (subject to certain legal exemptions).
Object to processing where we rely on a legitimate interest or use your data for direct marketing.
Request restriction of processing, for example if you contest accuracy, oppose erasure, or need us to retain data for legal claims.
Request data portability, i.e., to receive your data in a structured, machine-readable format and transfer it to another party (where processing is based on consent or contract).
Withdraw consent at any time where processing relies on consent. Please note, this does not affect the lawfulness of processing before consent was withdrawn, but it may mean we cannot provide certain services.
To exercise any of these rights, please contact us.
No Fee Usually Required
You will not have to pay a fee to access your data or exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is unfounded, repetitive, or excessive.
What We May Need from You
We may request specific information to confirm your identity and ensure your right to access your personal data (or to exercise any of your rights). This security measure prevents disclosure to anyone who has no right to receive it.
Time Limit to Respond
We aim to respond to all legitimate requests within one month. If your request is complex or you have made multiple requests, it may take longer. In that case, we will notify you and keep you updated.