Privacy Policy​


My Club Lotto (“MCG”) is a society lottery (TAND/LOT/19/006) registered with Tandridge Council and is operated by BD Sport Ltd. BD Sport Ltd. is licensed as an External Lottery Manager (license numbers 000-050123-R-327621-002 and 000-050123-N-327622-002) and is regulated by the Gambling Commission under the Gambling Act 2005.

MCG has employed the services of BD Sport Ltd. (“BDS”), incorporated and registered in England and Wales with company number 6421307 and having its registered office at 17 St Peter’s Place, Fleetwood, FY7 6EB, to manage the Lottery on its behalf. BDS is licensed by the UK Gambling Commission to manage lotteries on behalf of non-commercial societies and local authorities, such as MCG.

The Lottery is provided to customers via the Website, as defined below, using hardware and software provided to BDS by Ascend FS Ltd. (“Ascend”). Ascend is a company registered in Alberta, Canada with company number 2015361658 and having its registered office at 207 Queens Quay West, Suite 500, Toronto, ON M5J 1A7. Ascend is a “data processor” in respect of your Personal Information, as defined below. BDS and Ascend are part of the Ascend FS. group of companies, which will be referred to as the “BD Sport Group”.

For the purposes of this privacy policy (the “Privacy Policy”), references to “Lottery”, “we”, “us”, or “our” refer to both MCG and BDS, who are each independent data controllers in respect of your Personal Information. The “Website” refers to, and any related websites and/or applications. “Personal Information” means all information relating to an identifiable person who can be directly or indirectly identified by reference to the information.

MCG and BDS are each committed to respecting and protecting the accuracy, confidentiality and security of your Personal Information. We want you to feel secure when using the services we offer and via the Website (the “Services”).

This Privacy Policy sets out our policies concerning the collection, use, disclosure and protection of Personal Information we receive from customers using our Services, as well as the types of cookies that we use on our Website.


MCG and BDS are each responsible for Personal Information under its control and will take all reasonable steps to handle such Personal Information fairly and to ensure compliance with applicable laws in relation to the processing of Personal Information.

In order to oversee overall compliance with this Privacy Policy, and with applicable data protection laws, BDS has designated a Data Protection Officer. Contact information for our Data Protection Officer can be found at the end of this Privacy Policy.

The Personal Information We Collect

Voluntary information

If you visit our Website, buy a ticket for the lottery, request or subscribe to marketing materials , download content from the Website, contact us, or register to use the Services, we will collect Personal Information that you voluntarily provide to us (that may include your name, title, address, email address, IP address, telephone number, and contact preferences) in order to respond to your request or enquiry.


Government-issued ID

In certain instances, you will be required to provide a copy of a government-issued ID, in order for us to verify your identity. Please note that this information may be required in order for you to use or continue using our Services.


Device information

We may collect specific types of connection details and information with regard to your device, software or hardware that may identify you, such as: your device’s unique identifiers (e.g. UDID, IMEI, MAC address), IP address and geo-location data.


Technical information

In order to enhance the functionality of our Website and to provide you with a better user experience, we may collect technical information transmitted by your device, including certain software and hardware information (e.g. your language preference, the type of browser and operating system your device uses, access time, the domain name of the website from which you linked to our Services; etc.).


Analytics information

We collect information about your use of our Services, such as log files, user activity (e.g. pages viewed, the amount of time spent on particular pages, online browsing, clicks, actions, etc.), time stamps, alerts, etc. This information is collected for amongst other things troubleshooting errors and bugs as well as for research, profiling and analytics purposes about your use of our Website and Services, and providing you with tailored marketing and personalized products and Services.


You are under no obligation to provide Personal Information to us. However, certain Personal Information is essential for the provision and quality of the Services that we offer (for example, enabling you to collect winnings relating to a lottery ticket that you have purchased).


Purposes and Legal Bases for Collecting Personal Information

We collect, use and disclose Personal Information for the following purposes:


to develop, manage, deliver and support our products and Services;

to ensure high standards of service to customers;

to contact customers with regard to the Services as well as administrative or account-related information;

to respond to enquiries and fulfil requests, such as sending requested materials or documents regarding the Services;

to provide marketing and promotional communications (where this is in accordance with applicable law), and to determine the effectiveness of marketing and promotional campaigns;

to prevent you from buying ticket(s) for the lottery or from using our Website and Services, if you have requested that we do so (i.e. where you self-exclude);

to verify your identity;

to process transactions;

to perform data analysis, audits, fraud monitoring and prevention, develop new products, improve or modify the Services, and identify usage trends;

to comply with regulatory and licensing requirements related to the gambling licences held by MCG, BDS and 5050;

to identify and disclose any suspected unlawful, fraudulent, or other improper activity connected with our Website and Services (including money laundering);

to comply with applicable laws, comply with legal and regulatory processes, enforce our terms and conditions, and protect our operations, rights, safety or property.

The legal basis for collecting, using and disclosing Personal Information will depend on the Personal Information concerned and the specific context in which it was collected, including:


Where you have given us consent.

MCG collects, uses and shares your Personal Information for the purpose of marketing to you, where you have given MCG consent to do so. At any time, you can easily withdraw your consent to MCG marketing to you by emailing or by following the unsubscribe instructions provided in the email or other communication that you receive from MCG.


Where the processing is necessary for the performance of your contract with us.

Each of MCG and BDS collect, use and share your Personal Information where such information is essential to provide the Services to you. You are under no obligation to provide such Personal Information to us. However, you might not be able to use access and/or use some or part of the Services if you choose to withhold Personal Information that is required for those Services.


Where the processing is necessary for us to comply with our legal obligations.

In some circumstances, each of MCG and BDS are legally required to collect, use and share your Personal Information. For example, in connection with the prevention, detection or investigation of a crime or fraud, or where we are obliged to do so by the terms of our gambling licence(s). Where we process your Personal Information in order to comply with our legal obligations, we may need to retain such information in order to demonstrate that we have complied with our legal obligations.


Where the processing is necessary for a task carried out in the public interest.

Each of MCG and BDS collect, use and share your Personal Information where such processing is necessary for the purposes of the prevention or detection of an unlawful act, or is necessary for the exercise of a protective function (such as protecting members of the public against dishonesty or other improper conduct). We may rely on this as a legal basis for processing and/or sharing ‘special categories’ of data, or data relating to criminal convictions or offences.


Where we have legitimate interests in the processing.

Each of MCG and BDS collect, use and share your Personal Information where such processing is necessary for their legitimate business interests, unless MCG or BDS (as the case may be) determines that those interests are overridden by your interests or your fundamental rights and freedoms. By way of example, BDS has determined that it has legitimate interests in developing new products, improving or modifying the Services, and identifying usage trends.


Sharing Personal Information

We may share Personal Information with employees, contractors, consultants, affiliates, service providers, business partners and other parties who require such information to assist MCG and BDS in providing Services to you.


BDS shares your Personal Information with the BD Sport Group.


Each of MCG and BDS may share your personal data with the UK Gambling Commission and/or other licensing authorities and gaming regulators with whom we are licensed.


Each of MCG and BDS may use third party providers to manage aspects of your account including, but not limited to, anti-fraud and anti-money laundering checks, and credit risk checks. These third party providers may have access to or process your Personal Information for the purpose of providing these services to us.


MCG may use third party service providers including, but not limited to, BDS, in order to advertise and market lottery related products and services to you. When you have opted-in, your Personal Information may be shared with these third parties in order for them to provide such services to MCG.


BDS may share some or all of your Personal Information in connection with or during negotiation of any potential sale or investment in any of the companies in the BD Sport Group or in the event of a corporate transaction (e.g. a sale of a substantial part of our respective businesses, a merger, financing, restructuring, consolidation, acquisition, corporate divestiture, dissolution transaction, or other proceeding involving the sale, transfer, divestiture or disclosure of all or a portion of our business or assets). In the event of an insolvency, bankruptcy, or receivership, your Personal Information may also be transferred as a business asset.


In some cases, MCG and/or BDS may disclose your Personal Information, and any other information and/or records relating to you, if MCG and/or BDS are under a duty to disclose or share these details in order to comply with any legal obligation, or when ordered to do so by any governmental or administrative authority. MCG and/or BDS may also share such information if they believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.


The Lottery is subject to strict legal regulations. Because of this, MCG and/or BDS may share your Personal Information with certain third party service providers (such as credit reference agencies, fraud prevention agencies, payment service providers, including BlackBaud, and similar third parties that are also “data controllers” with regard to Personal Information that is held by them. For details of how BlackBaud processes your Personal Information, please see their privacy notice at


The use, collection and disclosure of Personal Information may involve MCG and/or BDS transferring Personal Information across borders and outside of the European Economic Area (the “EEA”). For example, your Personal Information may be transferred to Canada, for processing by 5050, our gambling software provider.


Where we transfer Personal Information from the EEA to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take steps to ensure that your data is treated securely and in accordance with this Privacy Policy. For example, we use approved contractual clauses, intragroup agreements and other measures designed to ensure that the recipients of your Personal Information protect it.


Please contact us if you have any questions regarding the security measures that we have in place with regard to Personal Information.



We use certain types of Cookies on the Website. “Cookies” are small text files containing small amounts of information which are downloaded to your device when you visit a website, so that the website can remember some information about your browsing activity on the website, either for the duration of your visit or for repeat visits. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. They do many different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. In general, Cookies make the interaction between you and websites faster and easier.


The following describes the types of Cookies that we currently use or may in the future use on our Website:


Session Cookies

These are temporary cookies that expire when you close your browser. A “session cookie” assigns a randomly-generated, unique identification number to your device when you access the Website. Assigning your device a number facilitates the proper functioning of the features of our Website by permitting us to maintain a persistent “state” for your session, including information relating to transactions you might make. We also use session cookies to collect anonymous information (i.e., information that does not identify you personally) about the ways users use the Website, such as pages visited, links used, and how long each page is viewed. We analyse this information (known as “click-stream information”) to better understand our users’ interests and needs and to improve the content and functionality of the Website.


Persistent Cookies

Unlike a session cookie, a “persistent cookie” does not expire when you close your browser. It stays on your device until the expiration date set in the cookie (for example, at the end of a calendar month) or until you delete it. Persistent cookies can be used to “tag” your device so that the next time you visit (or someone using your device visits), our server will recognise you, not by name, but by the “tag” on your device. This will enable us to provide you with a personalised experience even if we do not know who you are. It will also allow us to collect more accurate information about the ways people use the Website; for example, how people use the Website on their first visit and how often they return. Using persistent cookies permits us to provide you with a more personalised experience and, in some cases, may save you the trouble of re-entering information already in our database.


Strictly necessary cookies

These cookies are essential for the running of our Website. Without these cookies, parts of our Website would not function. They enable you to move around the Website and use its features, such as accessing secure areas. These cookies do not track where you have been on the Internet and do not gather information about you that could be used for marketing purposes.


Performance cookies

These cookies are used to monitor the performance of our Website; for example, to determine the number of page views and the number of unique users the Website has. Web analytics services may be designed and operated by third parties on behalf of MCG and BDS. The information provided by these cookies allows us to analyse patterns of user behaviour, and we use that information to enhance user experience or identify areas of the Website which may require maintenance. These cookies do not collect information that identifies a visitor. All information collected through these cookies is aggregated and therefore anonymous.


Functional cookies

These cookies allow the Website to remember choices you make (such as your preferences, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.


Targeting or advertising cookies

These cookies, which may be placed on your device by us or our trusted third party service providers, remember that you have visited a website and use that information to provide you with advertising which is tailored to your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Without these cookies, online advertising you encounter will be less relevant to you and your interests.


Web Beacons

When you visit our Website, your device may receive one or more “web beacons” in order to assist us with delivering cookies, to collect anonymous information about the use of the Website by our users, and to deliver customised or targeted content to you on the Website. Web beacons (also referred to as “tracking pixels,” “1×1 gifs,” “single-pixel gifs,” “pixel tags,” or “action tags”) are graphic images, usually no larger than a 1×1 pixel, placed at various locations on the Website. They also help us identify browser types, search terms that bring users to our Website, and the domain names of websites that refer traffic to us. We also utilise web beacons to provide us with more information on any emails we send out. In particular, a web beacon in an email communication will send us information to let us know that you have received, opened, or acted upon an e-mail you have chosen to receive from us.


JavaScript Tags/Pixels

These are used by us to collect anonymous information about the use of the Website by our users, and to deliver customised or targeted content to you on the Website. We may use JavaScript tags to anonymously track how users interact with our Website, including where they came from and the manner in which they use our Website.


Some people find the idea of a website storing information on their device intrusive. If you would prefer to opt out of cookies, it is possible to manage them by changing the cookie settings on your device in your browser settings. Existing cookies that have already been set can be deleted from your hard drive. You can also block some or all cookies. However, you should be aware that you might lose some features and functionality of our Website if you do so. For more information about cookies and how to manage and delete them visit or


Third Party Links

The Website may contain links to third party sites, and we recommend and encourage you to read the privacy policies posted on those third party sites. MCG and BDS are not responsible for and have no control over information that is submitted to, or collected by, these sites.



We will retain your Personal Information for as long as necessary to fulfil the purposes for which it was collected, or to comply with applicable legal, tax or regulatory requirements. After this time, any Personal Information you have provided to us will be deleted or made anonymous.


Please note that we may be required in certain circumstances to retain your Personal Information indefinitely (for example, in order to comply with our policies and procedures in connection with responsible gambling and self-exclusion). We will take all necessary steps to ensure that the privacy of your Personal Information is maintained for the period of retention.


We may use and disclose aggregated and anonymous or de-identified information to third parties, including the general public. For example, we may analyse and publish reports on usage trends or statistics from across our global customer base for information or marketing purposes, but only after we have removed any Personal Information. This type of aggregated and anonymous or de-identified data can help us improve our products, services and advertising, and it can be used by customers and the public to better understand trends in the industry.


Your Rights

You have a number of rights with regard to your Personal Information, which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.



We will make reasonable efforts to ensure that the Personal Information collected and used by us is accurate, complete and up-to-date to meet the purposes for which it is collected and used. However, you have the right to request correction to your Personal Information in the event it is inaccurate, incomplete or out of date.



You have the right to access your Personal Information. This includes (a) identification of and access to any or all of your Personal Information under our custody or control; (b) an explanation of how that Personal Information is or has been collected, used or disclosed by us; and (c) the names of any individuals and organisations to which your Personal Information has been disclosed by us.



You can request that we erase your Personal Information where there is no legal reason for us to continue processing it.


Data portability

This right allows you to obtain the Personal Information that you have provided to us with your consent or which was necessary for us to provide you with our Services in a format which enables you to transfer that Personal Information to another organisation. You may have the right to have your Personal Information transferred by us directly to the other organisation, if it is technically feasible.


Restriction of processing

You have the right in certain circumstances to request that we suspend processing of your Personal Information. Where we agree to suspend processing of your Personal Information, we will still be permitted to store your Personal Information, but any other processing of this information will require your consent, subject to certain exemptions.


Objection to processing

You have the right to object to the use of your Personal Information, where it is processed on the basis of our legitimate interests. However, we may continue to process your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to process your Personal Information in connection with any legal claims.


Withdrawal of consent

Where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent.


Any request to exercise your rights regarding your Personal Information must be made in writing to the Data Protection Officer and provide sufficient detail to identify the Personal Information and the action being sought. Contact information for our Data Protection Officer can be found at the end of this Privacy Policy.


We will respond to written requests within one calendar month of receiving such request. We will either make the requested information available within that time period, or provide written notice of an extension where additional time is required to fulfil the request. If we cannot fulfil your request in full or in part, you will be provided with a response in writing that explains the reason for refusal and the further options available to you.


Safeguarding Personal Information

MCG and BDS will comply with GDPR security arrangements and use appropriate technical and organisational measures to protect all Personal Information under our control (regardless of the format in which it is held) against unauthorised access, loss, theft, collection, use, disclosure, duplication, modification, disposal or similar risks, by both individuals outside of MCG and BDS, as well as within. The types of security safeguards that we use vary, depending on the nature and sensitivity of the Personal Information, the harm that might result from its improper use or loss, and how it is stored (e.g. in paper or electronically). Our security safeguards include locked filing cabinets, physically secured offices where Personal Information is held, limited employee access, the use of IDs, passwords, restricted servers, firewalls and encryption for electronic files, as well as contractual requirements for service providers to provide comparable security measures.


We will use appropriate security measures when disposing of and destroying Personal Information, such as shredding documents and deleting electronically stored information, in order to prevent unauthorised access.


We will review and update our security policies and controls as technology changes to ensure ongoing Personal Information security.


Use by Children

The Website and the Services are not intended for use by minors and we will not knowingly collect Personal Information about minors. If you believe that we have mistakenly or unintentionally collected a minor’s Personal Information, please contact our Data Protection Officer. Contact information for our Data Protection Officer can be found at the end of this Privacy Policy.