GDPR & Data Protection (European Economic Area)

This page is for users in the European Economic Area (EEA) and explains how we process your personal data under the General Data Protection Regulation (EU 2016/679) (“GDPR”). GDPR applies in the UK via the UK GDPR and in the EEA. This is a summary only and does not replace our Privacy Policy.

1. Who We Are

The data controller for GDPR (where applicable) is MapleNumbersCanada Canada Inc. (NEQ 1170001234), 150 King St W, Suite 200, Toronto, ON M5H 1J9, Canada. Contact: info@lottonumbercanada.com. Where we serve EEA users, we put in place appropriate safeguards and comply with applicable data protection law.

2. Legal Basis for Processing

We process your personal data on the following bases where relevant under GDPR:

• Contract: To fulfil our contract with you (e.g. account, entries, support).
• Legitimate interests: To run, secure, and improve our services and prevent fraud, where your rights do not override these.
• Consent: Where we ask for your consent (e.g. marketing, non-essential cookies). You may withdraw consent at any time.
• Legal obligation: Where we must process data to comply with the law (e.g. anti-money laundering, age checks).

3. Your Rights Under GDPR

If you are in the EEA (or UK), you have the right to:

• Access: Ask for a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Ask for your data to be deleted in certain cases (“right to be forgotten”).
• Restriction: Ask us to limit processing in certain situations.
• Data portability: Receive your data in a structured, machine-readable format where it applies.
• Object: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where we rely on your consent.
• Lodge a complaint: With a supervisory authority in your country (e.g. the ICO in the UK, or your local data protection authority in the EU).

To use any of these rights, contact us at info@lottonumbercanada.com. We will reply within the time limits set by law (usually one month).

4. International Transfers

When we transfer personal data outside the EEA/UK, we use appropriate safeguards (e.g. adequacy decisions, standard contractual clauses, or other approved tools) as required by GDPR.

5. Retention

We keep your data only as long as needed for the purposes in our Privacy Policy or as the law requires (e.g. regulatory or tax).

6. Updates

GDPR and national laws can change. We review our practices regularly and will update this page and our Privacy Policy when needed. Last update: 2025.