PRIVACY POLICY

Last updated: 15 August 2025

POLICY STATEMENT

At STG 4T PTY LTD (‘we’, ‘us’, or ‘our’), we take your privacy seriously. This document explains how and why we access, collect, store, use, and share (‘process’) your personal information whenever you use our services, including when you:

  • Visit our website at https://aussieluckyharbour.com, or any other site we operate that links to this privacy notice
  • Use our platform to access our lottery courier services, which allow users to purchase official lottery tickets from a range of providers
  • Interact with us in other ways (whether through sales, customer support, marketing, or events)

The provisions of this Policy are governed by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and all other applicable legislation, including the Spam Act 2003 (Cth), the Competition and Consumer Act 2010 (Cth), and licensing and regulatory obligations applicable to authorised lottery operators in the Northern Territory of Australia. This Policy further reflects compliance with advertising and data collection requirements imposed by Google, Microsoft, Meta, and other applicable third-party platforms under their respective advertising terms and policies.

We are committed to the protection of the Personal Information of individuals, and to maintaining the highest possible standards of privacy. We seek to implement practices, procedures, and systems that comply with Australian privacy laws.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us. All questions, requests, or complaints regarding this Policy should be submitted in writing by email to support@aussieluckyharbour.com, or by post to 120 Turner Street, Port Melbourne, VIC 3207, Australia.

The Services are intended solely for individuals who are at least 18 years of age and are residents of Australia. Persons under the age of 18, or who do not reside in Australia, are not permitted to use or register for the Services.

By using the Platform, you agree to this Privacy Policy, our Terms of Service and our Cookies Policy and you acknowledge that you have read and understood these terms and expressly consent to the collection, handling, storage, use, and disclosure of your personal information in accordance with its terms.

TABLE OF CONTENTS

  1. INFORMATION WE COLLECT AND STORE
  2. USE AND PURPOSE OF YOUR INFORMATION
  3. DISCLOSURE OF COLLECTED INFORMATION
  4. USE OF COOKIES AND TRACKING TOOLS
  5. RETENTION PERIOD FOR INFORMATION
  6. INFORMATION SECURITY MEASURES
  7. COLLECTION OF DATA FROM MINORS
  8. YOUR DATA RIGHTS AND CHOICES
  9. DO-NOT-TRACK SETTINGS AND CONTROLS
  10. CHANGES TO THIS PRIVACY POLICY
  11. CONTACT INFORMATION AND ENQUIRIES
  12. ACCESS, UPDATE OR DELETE DATA

1. INFORMATION WE COLLECT AND STORE

We collect and process personal information from you directly and automatically when you interact with our services. The categories of information we collect are necessary for the provision of our services, security, and legal compliance. All personal information collected is processed in accordance with the terms of this Policy and applicable laws. You are responsible for ensuring that the personal information you provide to us is true, complete, and accurate, and you must notify us of any changes to such information.

1.1 Personal information you disclose to us

You voluntarily provide us with personal information when you register on the Services, express an interest in our products and Services, participate in activities on the Services, or otherwise when you contact us.

(a) Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • names
  • email addresses
  • usernames
  • passwords
  • contact or authentication data
  • phone numbers
  • mailing addresses
  • contact preferences
  • billing addresses
  • date of birth

(b) Sensitive Information

We do not process sensitive personal information. Unless you provide this information to us yourselves, we do not request, nor do we collect, any sensitive information about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We also do not collect any information about criminal convictions and offences.

(c) Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. Credit and debit card details are not stored on our servers but are encrypted by the processing bank.

1.2 Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

(a) Log and Usage Data

Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).

(b) Device Data

We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

(c) Location Data

We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

1.3 Google API

We utilize Google's reCAPTCHA service to protect our contact and submission forms from spam and abuse. This service may collect personal information, such as your IP address, to determine if you are a human user. The information collected by reCAPTCHA is processed in accordance with Google's Privacy Policy. Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

2. USE AND PURPOSE OF YOUR INFORMATION

We process your personal information for specific and legitimate purposes as outlined in this Policy. These purposes include the following:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user: We may process your information to provide you with the requested service and to fulfill the core functions of the Platform.
  • To respond to user inquiries/offer support to users: We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you: We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfil and manage your orders: We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the Services.
  • To protect our Services: We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To evaluate and improve our Services and user experience: We may process your information when we believe it is necessary to identify usage trends and to evaluate and improve our Services, products, and your experience.
  • To comply with our legal obligations: We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

All processing of personal information is conducted in accordance with the Australian Privacy Principles and applicable data protection requirements, and is subject to internal controls designed to ensure data minimisation, accuracy, and purpose limitation. Personal information is not used for purposes unrelated to its original collection unless authorised by law or valid consent.

3. DISCLOSURE OF COLLECTED INFORMATION

We may disclose personal information to third parties strictly as required for the lawful operation of the Website, performance of contractual obligations, compliance with legal duties, or in accordance with your express instructions.

Disclosure may occur to the following categories of recipients:

  1. identity verification providers, credit reference agencies, or age verification services engaged to confirm user eligibility and regulatory compliance;
  2. licensed payment processors, financial intermediaries, and reconciliation providers for the purpose of executing and confirming lawful transactions and withdrawals;
  3. infrastructure hosting providers, cloud storage operators, and technical service vendors contracted to provide secure and scalable platform support;
  4. analytics and advertising platform providers (including Google, Microsoft, Meta, and affiliate networks) for the purpose of campaign attribution, remarketing, conversion tracking, and compliance with advertising policies, subject to consent and applicable opt-out mechanisms;
  5. regulatory authorities, law enforcement agencies, or governmental departments where required by warrant, subpoena, notice, or statutory reporting obligation;
  6. auditors, legal counsel, compliance consultants, or dispute resolution bodies engaged to assist in the investigation or resolution of regulatory, legal, or contractual matters;
  7. parties to any actual or proposed merger, acquisition, restructure, financing, or sale of assets, to the extent necessary to facilitate due diligence or operational succession.

All third-party recipients of personal information are bound by legally enforceable obligations of confidentiality, data protection, and purpose limitation. Personal information may not be used by third parties for any independent or unauthorised purpose.

We do not sell, rent, trade, or otherwise commercialise personal information to third parties for unrelated direct marketing or profiling purposes. We may need to share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Where personal information is transferred outside Australia, we ensure that the overseas recipient is subject to equivalent privacy obligations, or that the transfer is otherwise permitted under the Privacy Act 1988 (Cth). Where required, we will obtain your express consent before any such international transfer occurs.

4. USE OF COOKIES AND TRACKING TOOLS

The Website uses cookies and equivalent tracking technologies to facilitate secure account access, optimise performance, assess user engagement, and support lawful advertising and promotional campaigns.

Cookies are data files stored on your device that allow us to identify sessions, remember preferences, and deliver relevant content. Cookies may be classified as either strictly necessary (essential for functionality) or non-essential (used for performance, analytics, or marketing).

To enable the working of certain functions during your visit to our Services, we make use of cookies on various pages. We use two types of cookies:

  • 'session cookies' which are stored temporarily during a Browse session in order to allow normal use of the system and are deleted from your device when the browser is closed;
  • 'persistent cookies' which are read only by our Services, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in.

We deploy tracking technologies only in accordance with the Australian Privacy Principles, the Spam Act 2003 (Cth), and the consent and data use requirements of Google Ads, Microsoft Ads, Meta, and related third-party platforms. No non-essential cookies will be placed until you have provided affirmative consent through our cookie consent interface.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

Tool Purpose Privacy Policy Link
Google Analytics Visitor behaviour analysis, session statistics https://policies.google.com/privacy
Meta Pixel (Facebook) Conversion tracking, ad attribution, remarketing https://www.facebook.com/policies/cookies/
Microsoft UET Microsoft Ads tracking and campaign effectiveness https://privacy.microsoft.com/privacystatement
Microsoft Clarity Heatmaps, session recordings, user interface diagnostics https://clarity.microsoft.com/terms
Affiliate Tracking Attribution of referred users and affiliate payment validation As per affiliate network policy
CookieYes CMP Consent capture and enforcement under Google Consent Mode https://www.cookieyes.com/privacy-policy/

You may manage your cookie preferences by:

  • Responding to the cookie consent prompt displayed upon first access;
  • Adjusting your browser settings to block or delete cookies; or
  • Using opt-out tools provided by relevant advertising vendors.

Refusal of non-essential cookies will not restrict access to the Website, although certain personalised features may not be functional or fully optimised.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly. You can find out more about this in our Cookie Policy: https://aussieluckyharbour.com/cookies-policy.html.

5. RETENTION PERIOD FOR INFORMATION

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, or as required to comply with applicable law, licensing obligations, audit requirements, or risk management processes. No purpose in this notice will require us keeping your personal information for longer than six (6) months past the termination of the user's account.

Retention durations are determined by reference to the following factors:

  1. operational necessity, including active account management, dispute resolution, and transaction fulfilment;
  2. mandatory retention periods under financial services, taxation, and anti-money laundering (AML) and counter-terrorism financing (CTF) laws;
  3. regulatory licence conditions imposed under the Northern Territory gambling regime;
  4. statutory limitation periods relevant to contractual enforcement or legal claims;
  5. documentation and recordkeeping obligations imposed by applicable authorities.

Upon account closure or termination, personal information will be retained only to the extent required for legal compliance, evidentiary integrity, or security monitoring. Once such retention is no longer required, the data will be securely deleted or irreversibly anonymised.

Backup data may be retained in encrypted storage environments for disaster recovery and compliance continuity. Access to archived data is strictly restricted and monitored.

6. INFORMATION SECURITY MEASURES

We have implemented and maintain appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process.

These security measures include:

  • Encryption of data in transit using Transport Layer Security (TLS) protocols;
  • Hosting infrastructure with segmented access zones, firewall protection, and secure authentication;
  • Multi-factor authentication (MFA) and role-based access controls for administrative systems;
  • Regular vulnerability assessments, penetration testing, and external security reviews;
  • Continuous monitoring for suspicious activity, anomalies, or unauthorised attempts to access platform assets;
  • Separation of user data from internal operations and third-party systems under a strict least-access policy.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be completely secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment and are responsible for maintaining the confidentiality of your login credentials. You must notify us immediately of any suspected unauthorised access to your account.

In the event of a data breach affecting personal information, we will take all steps required under the Notifiable Data Breaches scheme established by the Privacy Act 1988 (Cth), including mandatory notification to affected individuals and the Office of the Australian Information Commissioner (OAIC), where applicable.

7. COLLECTION OF DATA FROM MINORS

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. Access to the Website and participation in any services offered by Aussie Lucky Harbour is strictly limited to individuals who are eighteen (18) years of age or older. This restriction is imposed to ensure compliance with applicable gambling legislation, age-based eligibility requirements, and responsible gaming obligations under Northern Territory licensing conditions.

We implement identity and age verification procedures during account creation and at any time deemed necessary for ongoing compliance. If a user is identified or reasonably suspected to be under the age of 18:

  1. the user account will be immediately suspended or permanently terminated;
  2. all personal information associated with the account will be erased or anonymised;
  3. we may notify relevant regulatory or law enforcement authorities, as required by law.

If we learn that personal information from users under 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of a minor using the Website or submitting personal information through any channel, you must immediately notify us at support@aussieluckyharbour.com.

8. YOUR DATA RIGHTS AND CHOICES

You are entitled to certain rights regarding your personal information. These rights are fundamental to the protection of your personal data. We acknowledge these rights and are bound by legal duty to assist you in their exercise.

8.1 Your Privacy Rights

As an individual whose personal information is collected and processed by us, you may, subject to verification and legal limitations, exercise the following rights under the Privacy Act 1988 (Cth):

  1. Right of Access. You may request confirmation of whether we hold personal information about you and obtain a copy of such information.
  2. Right of Correction. You may request correction of any personal information that is inaccurate, incomplete, or outdated.
  3. Right of Erasure. You may request deletion of your personal information where it is no longer required for any lawful purpose and no legal or regulatory obligation prevents erasure.
  4. Right to Object. You may object to the use of your personal information for direct marketing or analytical profiling purposes.
  5. Right to Restrict Processing. You may request that we temporarily suspend processing of your information under certain conditions.
  6. Right to Withdraw Consent. Where processing is based on your prior consent (e.g., for marketing or non-essential cookies), you may withdraw such consent at any time.
  7. Right to Data Portability. Where technically feasible, you may request a copy of your personal information in a structured, machine-readable format.

8.2 How to Exercise Your Rights

The easiest way to review or change the information in your account or terminate your account is to:

  • Log in to your account settings and update your user account; or
  • Contact us via the support form provided in your account.

We may require you to verify your identity before acting on any request to protect the security and integrity of your personal information. All requests must be submitted in writing.

8.3 Our Response to Your Request

We will respond to all valid requests within thirty (30) calendar days unless an extension is legally permitted.

  • the information is required to comply with a legal obligation;
  • the request is manifestly unfounded, repetitive, or excessive;
  • disclosure would impact the privacy of others or breach applicable laws;
  • the information must be retained for anti-money laundering (AML), counter-terrorism financing (CTF), licensing, taxation, or dispute resolution purposes.

If you are dissatisfied with our response, you may lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) via https://www.oaic.gov.au.

9. DO-NOT-TRACK SETTINGS AND CONTROLS

Some web browsers and mobile applications allow users to transmit a “Do Not Track” (DNT) signal to indicate a preference to disable cross-site tracking.

At present, no legally binding or industry-wide standard for recognising DNT signals exists. Accordingly, the Services do not respond to DNT signals at this time. We remain committed to updating our DNT recognition policy to comply with any new legal standards, guidance from the OAIC, or platform policies. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Users may exercise control over tracking through the following measures:

  • Adjusting consent preferences using our on-site cookie banner;
  • Using browser controls to block, restrict, or delete cookies and tracking technologies;
  • Employing opt-out mechanisms made available by advertising platforms (e.g., Google Ads Settings, Microsoft Advertising Opt-Out).

Refusing tracking cookies will not affect your ability to access the Services, but may limit the functionality or relevance of certain features.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

11. CONTACT INFORMATION AND ENQUIRIES

If you have questions or comments about this notice, or wish to submit a privacy-related enquiry, complaint, or data access request, you must do so in writing via email or post to one of the following addresses:

Postal Address:
Aussie Lucky Harbour
120 Turner Street
Port Melbourne
VIC 3207
Australia

Email:
support@aussieluckyharbour.com

All valid requests will be assessed in accordance with our obligations under the Privacy Act 1988 (Cth). We will respond within thirty (30) calendar days or such additional time as may be permitted under law.

  • compliance would contravene an Australian law or court order;
  • the request is manifestly unfounded or excessive;
  • deletion would impair rights or obligations under gambling licence conditions, AML/CTF regulations, or taxation law; or
  • the information is required for evidentiary, compliance, or operational continuity purposes.

We are committed to handling your inquiries with care and in accordance with our obligations. Your privacy is our priority, and we will do our best to address your concerns promptly and thoroughly.

12. ACCESS, UPDATE OR DELETE DATA

You have the right to request access to the personal information we collect from you, correct any inaccuracies, or delete your personal information. These rights may be limited in some circumstances by law. To submit a data subject access request to review, update, or delete your personal information, please send a written request to support@aussieluckyharbour.com. We may request identity verification before processing your request.