# Privacy & Security

### Secure Hosting & Data Storage

* RaffleLink self-hosts web application on a server based in Victoria
* All data retained and stored internally in secure environment
* Data used solely for compliance record-keeping requirements
* No cross-border data sharing
* Server located in secured Australian data centre

### Data Security Infrastructure

#### Secure Transaction Environment

* Uses Transport Layer Security (TLS) technology
* Creates encrypted environment for commerce
* Establishes encrypted link between web server and browser
* All data passed between server and browsers remains private
* Highest industry standard used by millions of websites

#### Browser Compatibility

* Compatible with all major browsers:
  * Edge
  * Firefox
  * Chrome
  * Safari
  * Other modern browsers

#### Security Verification

* Look for security indicators:
  * Lock icon in browser
  * Green bar with "RaffleLink" near top
  * URL begins with 'https\://' (standard pages begin with 'http\://')

#### Server Access Controls

* Secure MySQL database for ticket purchaser data
* Strictly limited access to:
  * Server Admins
  * RaffleLink Admins
  * Raffle Client Admins (only their specific raffle data)
* Virtual Server access credentials stored in secure intranet system
* Protected via Firewall and TLS

### Data Collection & Usage

#### Personal Information Collection

* Only collects information reasonably necessary for:
  * Business activities
  * RaffleLink promotion/marketing
* Collection methods:
  * Website
  * Phone
  * Social media
  * Online contact forms
  * Business meetings
  * Registration forms
  * Ticket purchases

#### Website Visitor Data

Collects:

* IP address and browser type
* Access date and time
* Referring website address
* Used only for measuring site section visits
* Anonymous browsing supported

#### Credit Card Security

* No credit card information stored
* Unauthorized use must be reported to card provider
* Secure payment gateway (Stripe) for transactions

### Privacy Policy Compliance

#### Australian Privacy Principles Adherence

* Complies with Privacy Act 1988
* Open and transparent management
* Supports anonymity and pseudonymity
* Only collects solicited information
* No sensitive information collection (race, politics, religion, etc.)

#### Information Usage

Primary Purpose:

* Service communication
* Raffle management
* Transaction processing

Secondary Purpose:

* Business promotion
* Service updates
* Client raffle promotion
* Feedback collection
* Platform development

#### Information Sharing

Information disclosed to:

* Payment gateway (Stripe)
* Raffle organizers/beneficiaries
* Government bodies (as required)
* Third-party organizations for:
  * Marketing
  * Website maintenance
  * Platform development
  * Government auditing

### Data Quality & Maintenance

#### Accuracy Measures

* Parameter-controlled system inputs
* Cross-checking with public information
* Internal system auditing
* User update opportunities

#### Protection Against:

* Misuse
* Interference
* Loss
* Unauthorized access
* Modification
* Disclosure

### User Rights & Access

#### Personal Information Access

* Users may request access to their data
* Identity verification required
* Access may be refused if:
  * Against the law
  * Impacts others' privacy

#### Information Management

* Correction requests accepted
* Regular updates maintained
* Reasonable steps taken for accuracy
* De-identification when no longer needed
* Marketing opt-out available
* Source disclosure upon request

### Direct Marketing

* Consent required for marketing communications
* Clear opt-out methods provided
* Source disclosure available
* Prompt compliance with opt-out requests

### Security Breach Procedures

* Unauthorized access must be reported
* Credit card breaches reported to providers
* System security regularly reviewed
* Incident response protocols in place

*All personal information is handled in accordance with Australian Privacy Principles and relevant legislation.*