Data Protection Addendum (UK GDPR)

Last Updated: 23 December 2025

This Data Protection Addendum (“Addendum”) forms part of Competiown Ltd’s Privacy Policy and sets out how personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

For the purposes of UK GDPR, the Data Controller is:

Competiown Ltd
Company Number: 15752454
The Bristol Office, 2nd Floor
5 High Street
Westbury On Trym
Bristol
England
BS9 3BY

Email: admin@competiown.co.uk

2. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Consent – where explicit permission has been provided (e.g. marketing communications)
  • Contractual Necessity – to administer competitions and deliver services
  • Legal Obligation – to comply with applicable laws and regulations
  • Legitimate Interests – including fraud prevention, service improvement, and platform security

3. Categories of Data Subjects

We may process personal data relating to:

  • Competition entrants
  • Registered account holders
  • Website visitors
  • Newsletter subscribers
  • Customer support correspondents

4. Categories of Personal Data

Personal data processed may include:

  • Identity data (name, date of birth)
  • Contact data (email address, postal address, telephone number)
  • Transaction data (competition entries, payment confirmations)
  • Technical data (IP address, browser type, device data)
  • Marketing preferences

Payment card details are processed securely by third-party payment providers and are not stored by Competiown Ltd.

5. Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting infrastructure
  • Access controls limiting data to authorised personnel
  • Encryption and security monitoring where appropriate

6. Data Retention

Personal data is retained only for as long as necessary to:

  • Administer competitions
  • Comply with legal and regulatory obligations
  • Resolve disputes
  • Maintain accurate business records

Data is securely deleted or anonymised when no longer required.

7. Sub-Processors

We may use trusted third-party service providers (“sub-processors”) for services such as:

  • Payment processing
  • Email communications
  • Website analytics
  • Hosting and IT infrastructure

All sub-processors are contractually required to comply with UK GDPR and act only on our documented instructions.

8. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations
  • Standard contractual clauses or equivalent mechanisms

9. Data Subject Rights

Under UK GDPR, individuals have the right to:

  • Access their personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

Requests should be sent to: admin@competiown.co.uk

10. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.