Live Audit: Active
Responsible Play Legal Framework
Open Syndicate Account

Data Privacy Charter

At DCS Lotto, we treat your personal and financial information with the same rigor and security protocols applied to sovereign financial assets. This charter outlines our uncompromising approach to data sovereignty, encryption, and regulatory compliance under the Australian Privacy Principles (APPs).

1. Information Collection Types

To facilitate secure syndicate participation and comply with federal Anti-Money Laundering (AML) mandates, we are legally required to collect specific categories of information. We reject the unnecessary harvesting of behavioral data common in retail environments.

1.1 Identity Verification Data (KYC)

Prior to finalizing any syndicate entry, we must verify your identity. This includes collecting your full legal name, date of birth, primary residential address, and government-issued identification numbers (e.g., driver's license or passport). This data is used solely to confirm you meet the 18+ age restriction and are legally eligible to participate in Australian lotteries.

1.2 Financial Transaction Data

To process escrow deposits and execute payout disbursements, we collect banking institution details, encrypted credit/debit card tokens, and transaction histories. Full primary account numbers (PANs) are never stored on our operational servers; they are tokenized and processed by PCI-DSS Level 1 certified banking partners.

1.3 Operational and Audit Data

We log IP addresses, device identifiers, and session timelines. This is not for marketing; it is a critical security measure to detect anomalous login patterns, prevent account hijacking, and provide a verifiable audit trail for regulatory bodies.

2. Cryptographic Storage Standards

Your data is not merely 'stored'; it is secured within a multi-layered cryptographic vault architecture.

  • Data at Rest: All Personally Identifiable Information (PII) and financial records are encrypted at rest using AES-256 block-level encryption.
  • Data in Transit: All communications between your device and our servers utilize TLS 1.3 encryption, ensuring interceptors cannot decrypt the transmission.
  • Segregation of Duties: Operational databases handling draw mechanics are strictly segregated from the secure vaults holding KYC data. Anonymized hash ledgers bridge the two, ensuring a breach in one system does not compromise the other.
  • Data Sovereignty: All primary and backup data centers are physically located within the sovereign territory of Australia, ensuring foreign jurisdictions cannot compel data access.

3. Third-Party Auditor Disclosures

DCS Lotto does not sell, rent, or lease participant data to marketing agencies, data brokers, or unverified third parties under any circumstances. However, structured disclosures are necessary for operational integrity.

We provide restricted, read-only access to specific data sets to the following entities:

  • State Gaming Regulators: To verify compliance with state laws and ensure draw integrity.
  • Independent Auditing Firms: To conduct quarterly reviews of our hash ledgers and financial reserves. They access anonymized data to confirm that every purchased ticket fraction matches the escrow balance.
  • Financial Institutions: To facilitate the secure transfer of funds during deposits and major prize disbursements.
  • Law Enforcement Agencies: Only when compelled by a valid, legally binding court order or subpoena issued by an Australian court.

4. User Rights and Data Deletion Procedures

You retain fundamental rights regarding your personal information, subject to overriding federal regulations regarding financial record keeping.

4.1 Access and Correction

You may request a complete cryptographic manifest of all personal data held by DCS Lotto. You also have the right to demand the correction of any inaccurate or outdated information.

4.2 Data Retention and the 'Right to be Forgotten'

While you may request the deletion of your account, please be aware that Australian AML/CTF legislation legally mandates that we retain certain financial transaction records and KYC verification documents for a period of seven (7) years following the closure of your account. During this holding period, your data remains fully encrypted and inaccessible for any operational purpose other than legal compliance.

Once the statutory retention period expires, all associated records are subjected to secure, cryptographic erasure, rendering the data permanently irrecoverable.

To initiate a data access or deletion request, please contact our Compliance Officer through the secure portal on our Contact page.