At New Year Mega Lottery Ltd., we are committed to safeguarding the privacy and protecting the personal data of our users. This Data Privacy and Protection Policy outlines how we collect, use, disclose, and protect the personal information of individuals who visit our lottery website.
1. Information Collection:
1.1. Personal Information: We may collect personal information such as name, email address, contact number, and payment details when users register an account, participate in our lottery games, or interact with our website.
1.2. Non-Personal Information: We may also collect non-personal information such as browser type, IP address, and device information for analytical purposes.
2. Use of Information:
2.1. Lottery Participation: Personal information collected will be used to facilitate lottery participation, process payments, and deliver prizes to winners.
2.2. Communications: We may use personal information to send important updates, newsletters, and promotional offers related to our services, but users will have the option to opt-out of such communications.
2.3. Improvement of Services: Non-personal information may be used for analytical purposes to improve our website's functionality, user experience, and security.
3. Data Sharing and Disclosure:
3.1. Third Parties: We may share personal information with trusted third-party service providers to facilitate lottery operations, process payments, or for analytical purposes. However, we ensure that these third parties adhere to strict data protection standards. The user’s data and information shall be kept in confidential against any third parties and shall not disclose those data either in written or communications to any person whatsoever (other than their professional advisers or as may be required by law, upon order of court or any other competent authority), except so far as is necessary for the execution of its obligations hereunder.
3.2. The company shall protect against unauthorized disclosure of the information of personal data or information which is either designated in writing as confidential by using the same degree of care as it takes to preserve and protect its own confidential information of a similar nature. Such obligation shall continue for the period under reviews from disclosure of the information to the other Party.
3.3. New Yew Mega Lottery shall not treat as confidential any information which is or becomes publicly available or is lawfully obtained from third parties without restriction or disclosure.
3.4. Legal Compliance: We may disclose personal information if required to comply with legal obligations, enforce our policies, or protect the rights, property, or safety of New Year Mega Lottery Ltd., its users, or others.
4. Data Security:
4.1. Protection Measures: We implement industry-standard security measures to safeguard personal information against unauthorized access, alteration, disclosure, or destruction.
4.2. Encryption: All sensitive data, including payment information, is encrypted using Secure Socket Layer (SSL) technology to ensure secure transmission over the internet.
5. Data Retention:
5.1. Retention Period: We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once the data is no longer needed, it will be securely deleted or anonymized.
6. User Rights:
6.1. Access and Correction: Users have the right to access, update, or correct their personal information stored on our website.
6.2. Withdrawal of Consent: Users can withdraw their consent for the processing of personal information or opt-out of communications at any time.
7. Children's Privacy:
7.1. Age Restriction: Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from minors.
8. Changes to the Policy:
8.1. Policy Updates: We reserve the right to update or modify this Data Privacy and Protection Policy at any time. Any changes will be prominently displayed on our website.
9. Contact Information:
9.1. Questions and Concerns: If you have any questions or concerns regarding this policy or the handling of your personal information, please contact us at [office@newyearmegalottery.com].
By using our website and participating in our lottery games, you agree to the terms outlined in this Data Privacy and Protection Policy. It is essential to review this policy periodically for any updates or changes. Last updated: [10th July 2023].
Data Privacy and Protection:
A data policy is a policy that describes how a business handles personal data. A data policy's primary function is to create transparency for the consumer about how data is processed, protected, and shared.
User Data Policy:
Data Privacy defines who has access to data, while data protection provides tools and policies to actually restrict access to the data. Compliance regulations help ensure that user's privacy requests are carried out by companies, and companies are responsible to take measures to protect private user data.
Data destruction:
A data destruction policy is a set of written principles that guide how to properly dispose of information and the mode of disposal for each data category. The hardware disposal and data destruction policy aims to protect data from unauthorized access by controlling who gets to handle the disposal process.
Access Management:
User access management, or UAM, is a subset of LAM that emphasizes managing user access to various system resources and data. It helps provide users within the organization access to the tools and services they need at the correct time.
Systems & Data security:
A data security policy regulates the usage, management, and monitoring of data in an organization. Its primary goal is to protect all data used, managed, and stored by a company. Data security policies are typically not required by law, but can help organizations comply with data protection standards and regulations
Systems & Data Security Document for New Year Mega Lottery Ltd. Lottery Website
1. Introduction:
New Year Mega Lottery Ltd. (hereafter referred to as "the Company") is committed to ensuring the security and protection of the data collected, stored, and processed through its lottery website. This Systems & Data Security Document outlines the measures implemented to safeguard the integrity, confidentiality, and availability of data on our platform.
2. Access Control:
2.1. User Authentication: All users accessing the lottery website must undergo a secure authentication process, including strong password requirements and multi-factor authentication where applicable.
2.2. Role-Based Access Control (RBAC): Access permissions are assigned based on the roles and responsibilities of individuals within the organization to limit access to sensitive data to authorized personnel only.
3. Data Encryption:
3.1. Transmission Encryption: All data transmitted between users' devices and our servers is encrypted using industry-standard Transport Layer Security (TLS) or Secure Socket Layer (SSL) encryption protocols to prevent interception or eavesdropping.
3.2. Data-at-Rest Encryption: Sensitive data, including personal information and payment details, stored in databases or on disk storage, is encrypted using strong encryption algorithms to protect against unauthorized access in case of a security breach.
4. Secure Software Development:
4.1. Code Review: All code deployed on the lottery website undergoes rigorous code review processes to identify and mitigate potential security vulnerabilities before implementation.
4.2. Secure Coding Practices: Developers follow secure coding practices, including input validation, output encoding, and parameterized queries, to prevent common web application security threats such as SQL injection and cross-site scripting (XSS) attacks.
5. Regular Security Audits and Assessments:
5.1. Vulnerability Scanning: Regular vulnerability scanning and penetration testing are conducted to identify and address security weaknesses in the infrastructure, applications, and configurations.
5.2. Third-Party Audits: Independent third-party security audits and assessments are performed periodically to validate the effectiveness of our security controls and ensure compliance with industry standards and regulations.
6. Incident Response and Monitoring:
6.1. Incident Response Plan: The Company has an established incident response plan outlining procedures for detecting, responding to, and mitigating security incidents promptly and effectively.
6.2. Continuous Monitoring: Real-time monitoring systems are implemented to detect suspicious activities, unauthorized access attempts, and potential security breaches, allowing for immediate response and remediation.
7. Data Backup and Disaster Recovery:
7.1. Regular Backups: Data backups are performed regularly to ensure the availability and integrity of data in the event of hardware failures, data corruption, or other disasters.
7.2. Offsite Storage: Backup copies of data are stored securely in offsite locations to mitigate the risk of data loss due to physical damage or destruction of onsite infrastructure.
8. Employee Training and Awareness:
8.1. Security Awareness Training: All employees undergo regular security awareness training to educate them about security best practices, their roles in protecting data, and how to recognize and report security threats.
8.2. Security Policies and Procedures: Employees are required to adhere to the Company's security policies and procedures to maintain the confidentiality, integrity, and availability of data on the lottery website.
9. Compliance and Regulation:
9.1. Legal Compliance: The Company complies with relevant data protection regulations and privacy laws, including but not limited to the Consumer Protection Council Act (CPC) of the Federal Republic of Nigeria.
9.2. Data Retention Policies: Data retention policies are established to govern the storage and deletion of personal information in accordance with legal requirements and user consent.
10. Conclusion:
The security and protection of data on the New Year Mega Lottery Ltd. lottery website are of paramount importance to the Company. By implementing robust security measures, adhering to best practices, and continuously monitoring and improving our systems, we strive to maintain the trust and confidence of our users in the integrity and security of our platform.
This Systems & Data Security Document is subject to regular review and updates to ensure alignment with evolving security threats, industry standards, and regulatory requirements.