Effective date:  10 October 2025
Applies to: Online Lotto websites, emails, and related services operated by WH Limited, Registration number НЕ 436274, Pigmalionos 2, 2122 Nicosia, Cyprus (“Online Lotto”, “we”, “us”, “our”).

We run a free-to-play daily numbers game with player dashboards, points, streaks, referrals, and region-specific promotions. This policy explains what we collect, how we use it, who we share it with, and the choices you have.

Who we are

Controller:  WH Limited, Registration number НЕ 436274, Pigmalionos 2, 2122 Nicosia, Cyprus
Primary site: https://onlinelotto.games/ (and other localized Online Lotto domains).
Contact (privacy): [email protected]
Postal address: Pigmalionos 2, 2122 Nicosia, Cyprus

Scope

This policy covers personal data when you browse our sites, create or access an account (including magic-link login), submit entries, view results, earn or spend points, participate in streaks and referrals, receive emails, or view third-party offers (e.g., on our “/casino/” page).

Eligibility & children

You must meet the legal age in your region to use Online Lotto. We don’t knowingly collect data from minors. If you believe a minor has provided data, contact us so we can delete it.

Data we collect

1) Account & identity

  • Email address (for passwordless “magic-link” login and essential notices)
  • Display name and optional profile fields you choose to add

2) Gameplay & engagement

  • Entries, results, points, streaks, referral activity
  • In-product settings and actions (e.g., viewing your results history)

3) Technical & device

  • IP address, approximate location (country/region), device/browser type, language, screen size
  • Security signals (e.g., failed logins, rate limits, abuse indicators)
  • Cookies and similar technologies (see “Cookies & similar technologies”)

4) Communications

  • Email preferences (opt-in/opt-out), unsubscribe/suppression records
  • Support requests and feedback (including message content and attachments)

5) Referral & anti-abuse

  • Referral links used, referral status and validations
  • Limited signals to detect prohibited behavior (e.g., multi-accounting, automation). We do not use invasive fingerprinting.

6) Partner offers & attribution

  • If you click a licensed partner offer from our site, we may use a simple click ID for attribution. Partner sites have their own privacy policies.

7) Media & user content (if enabled)

  • If you upload images, avoid embedded location data (EXIF). Public images may allow others to extract location data.

How we use your data (purposes)

  • Provide the service: account creation, magic-link login, entries, draws, results, points, streaks, referrals
  • Security & integrity: prevent spam, fraud, and abuse; enforce one-account rules
  • Communications: send essential emails (login, security, service updates) and, with consent, promotional emails
  • Improve & localize: fix bugs, improve performance and accessibility, show region-appropriate content and times
  • Legal & compliance: meet legal obligations and respond to lawful requests

Legal bases (where applicable)

  • Contract: to provide your account and the game features you use
  • Legitimate interests: service security, anti-abuse, product improvement, basic attribution of partner clicks
  • Consent: non-essential cookies/analytics/marketing
  • Legal obligation: records and disclosures required by law

Cookies & similar technologies

We use:

  • Essential cookies: login/session, security, load balancing (required for the site to work)
  • Preferences (optional): remember choices like display settings
  • Analytics (optional): understand usage and improve features
  • Marketing/attribution (optional): measure the effectiveness of partner offers

Manage optional cookies via our banner or [Privacy Settings] link. Blocking all cookies may limit features like magic-link login.

Email choices

  • Essential emails: login links, security, critical service messages (cannot be unsubscribed while your account is active)
  • Promotional emails: opt in or out at any time via the footer link in emails or in your account preferences
    We keep suppression records to honor your opt-out.

Comments & Gravatar (if enabled)

If comments are enabled, we collect the data shown in the form plus IP and user-agent to help detect spam. After approval, your profile image (if any) may appear with your comment. If you use Gravatar, an anonymized hash of your email may be sent to Gravatar to check for a profile; Gravatar’s privacy policy applies.

Embedded content & external sites

Pages may include embedded content (e.g., videos). Embedded content can behave as if you visited the other site and may collect data per that site’s policy. Links to partner offers lead to independent sites with their own practices.

Who we share information with

We do not sell personal data. We share data only with:

  • Service providers: hosting, content delivery, email, analytics, anti-abuse, and support tools under contract and confidentiality
  • Partners: if you click through to a licensed partner offer, that site is a separate controller with its own policy
  • Legal & safety: to comply with law or protect our rights, users, or the public
  • Business transfers: if we undergo a merger, acquisition, or asset sale, we’ll inform you of material changes

International transfers

Your data may be processed in countries with different privacy laws. Where required, we use safeguards such as standard contractual clauses or other recognized transfer mechanisms.

Data retention

We retain personal data only as long as needed for the purposes above and to comply with law. In general:

  • Operational records (entries/results/points/referrals): kept for running the service and resolving disputes, then deleted or anonymized
  • Account data: kept while your account is active; on deletion, we remove or anonymize data unless legally required to retain some records
  • Email suppression: retained to honor your opt-out

If you need exact retention periods for your region, contact us.

Security

We use reasonable technical and organizational measures (encrypted transport, access controls, rate-limiting, routine maintenance). No system is perfectly secure; report concerns to [security@yourdomain] and we’ll investigate.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, and to portability. Where we rely on consent, you can withdraw it at any time. You can also manage marketing choices via the link and email footers.

  • South Africa (POPIA): rights to access, correction, deletion, and to object to certain processing.
  • EEA/UK (GDPR/UK GDPR): rights to access, rectification, erasure, restriction, objection (including profiling on legitimate interests), portability, and to lodge a complaint with a supervisory authority.
  • California (CCPA/CPRA): rights to know/access, delete, correct, and limit use of sensitive information, and to opt-out of certain “sharing” (use our [Do Not Sell/Share My Info] link if applicable). We do not sell personal information for money.

How to exercise your rights

Email [[email protected]] or use. We may need to verify your identity. Authorized agents may make requests where allowed by law.

Automated decision-making

We do not make decisions with legal or similarly significant effects based solely on automated processing. We use limited automated checks to prevent abuse and keep the game fair. You can contact us to contest or request human review of such checks.

Changes to this policy

We will update this policy as needed and post the new effective date above. If changes are material, we’ll provide additional notice (e.g., banner or email). Continued use after changes means you accept the updated policy.