Privacy policy

Carp Fishing Draws ("we", "us", "our") is the data controller for personal data collected on this website. Contact: [your registered business name and address — replace before going live] — email [contact email].

• Account data: name (or display name), email address, hashed password.
• Entry data: chosen numbers, draws entered, age confirmation, skill-question answer.
• Postal entry data: the name, address, contact details and date of birth you supply on a free postal entry.
• Payment data: processed by our payment provider — we receive a transaction reference and amount, not your full card details.
• Technical data: IP address, browser type, and basic usage logs for security and abuse prevention.

• Contract: to administer your entries, run the draw, contact winners and deliver prizes.
• Legal obligation: to keep records required by consumer-protection, tax and prize-competition rules.
• Legitimate interests: to prevent fraud, secure our service and improve the site.
• Consent: only where required (e.g. optional marketing emails), which you can withdraw at any time.

We only share data with processors who help us run the service:

• Hosting and database provider (Lovable Cloud / Supabase)
• Payment processor
• Delivery courier for prize fulfilment
• Email/notification provider for transactional messages

We never sell your data and we do not share it for third-party marketing. Where a processor is outside the UK we rely on UK adequacy decisions or standard contractual clauses.

• Account data: until you ask us to delete your account.
• Entry and draw records: 6 years after the relevant draw (UK record-keeping).
• Payment records: 6 years (HMRC requirement).
• Server/security logs: up to 90 days.

Under UK GDPR you have the right to:

• Access a copy of the data we hold about you
• Have inaccurate data corrected
• Have your data erased (subject to our legal retention obligations)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at [contact email]. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

We use a small number of strictly-necessary cookies to keep you signed in and to secure forms. We do not use advertising cookies. If we add analytics in future, we will request consent first.

We may update this policy from time to time. The current version posted on this page applies.