Privacy Policy

1. Introduction and Commitment to Privacy

Alliance Rewards Club ("we", "us", "our", "Company") operates the Alliance Rewards Club website and services (the "Service"). This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information in accordance with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth) ("Privacy Act").

We are committed to protecting your privacy and handling your personal information responsibly and in accordance with applicable privacy laws. This Privacy Policy describes our practices concerning the personal information we collect from you when you use our Service, visit our website, register for an account, subscribe to a membership, participate in draws, or otherwise interact with us.

By using our Service, accessing our website, or providing us with your personal information, you consent to the collection, use, disclosure, and storage of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service or provide us with any personal information.

This Privacy Policy should be read in conjunction with our Terms & Conditions and Official Draw Rules, which are incorporated by reference and form part of your agreement with us.

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

2. Definitions

For the purposes of this Privacy Policy:

3. Information We Collect

3.1 Personal Information You Provide Directly

When you register for an account, subscribe to a membership, participate in draws, contact customer support, or otherwise interact with our Service, we may collect the following types of personal information directly from you:

3.2 Information Collected Automatically

When you access or use our Service, we automatically collect certain technical and usage information:

3.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

3.4 Sensitive Information

We generally do not collect sensitive information as defined by the Privacy Act. However, we may collect:

• Health information if you voluntarily provide it in correspondence or support requests
• Criminal record information if required for high-value prize verification and permitted by law

We will only collect sensitive information with your explicit consent and where permitted or required by law. Sensitive information is subject to heightened protection measures and strict access controls.

4. How We Use Your Personal Information

We use your personal information for the purposes described in this Privacy Policy and in accordance with the APPs. The primary purposes for which we collect and use your information include:

4.1 Provision of Services and Account Management

• Creating, maintaining, and securing your account
• Processing subscription payments and managing billing
• Allocating entries into eligible draws based on your membership tier
• Conducting draws using provably fair, blockchain-verified random selection
• Selecting, notifying, and verifying winners
• Distributing prizes (cash transfers, physical goods, experiences)
• Providing access to your member dashboard and account features
• Maintaining subscription and membership status
• Processing upgrades, downgrades, and cancellations

4.2 Communication and Customer Support

• Sending transactional emails (account creation confirmations, payment receipts, prize notifications)
• Providing customer support and responding to inquiries
• Sending service updates, important notices, and Terms/Policy changes
• Notifying you of draw openings, closings, and results
• Communicating about your membership status, renewals, and billing
• Sending marketing communications (only with your consent, as described in Section 9)
• Conducting surveys and requesting feedback to improve our Service

4.3 Verification, Fraud Prevention, and Security

• Verifying your identity, age, and eligibility to use the Service
• Detecting, investigating, and preventing fraud, abuse, and security threats
• Monitoring for suspicious activity, unauthorized access, or Terms violations
• Conducting risk assessments and fraud screening
• Protecting against payment fraud, chargebacks, and unauthorized transactions
• Investigating and responding to security incidents or data breaches
• Maintaining audit logs for security and compliance purposes
• Enforcing our Terms & Conditions and other policies

4.4 Service Improvement and Analytics

• Analyzing usage patterns to understand how members use the Service
• Conducting data analytics to improve features, functionality, and user experience
• Identifying and fixing bugs, errors, and technical issues
• Testing new features and conducting A/B testing
• Optimizing website performance, load times, and reliability
• Developing new products, services, and features
• Generating aggregated, anonymized statistics and reports (not linked to individuals)

4.5 Legal Compliance and Protection of Rights

• Complying with legal obligations, including tax reporting, anti-money laundering laws, and consumer protection regulations
• Responding to legal processes (subpoenas, court orders, government requests)
• Protecting our legal rights, property, and interests
• Defending against legal claims or litigation
• Cooperating with law enforcement investigations
• Reporting to regulatory authorities (OAIC, ATO, AUSTRAC) as required by law
• Maintaining records for compliance and audit purposes

4.6 Marketing and Promotional Purposes

With your consent, we may use your information for:

• Sending promotional emails about new draws, special offers, and membership benefits
• Displaying personalized advertisements on third-party platforms (Meta, Google)
• Creating audience segments for targeted advertising
• Measuring advertising campaign effectiveness
• Promoting winner announcements and testimonials (with your consent)
• Conducting market research and promotional surveys

You can opt out of marketing communications at any time (see Section 9).

4.7 Prize Distribution and Winner Publicity

• Announcing winners publicly on our website and promotional materials
• Publishing winner names, general locations (city/state), and prize details
• Creating winner testimonials, case studies, and success stories
• Producing photos, videos, and promotional content featuring winners
• Using winner content in marketing materials, social media, and advertisements

Winners may request limited anonymity for legitimate safety or privacy concerns (see Section 9).

4.8 Business Operations and Transactions

• Managing business operations, accounting, and financial reporting
• Conducting internal audits and compliance reviews
• Facilitating business transfers, mergers, acquisitions, or sale of assets
• Due diligence for potential business transactions
• Maintaining business records and archives

5. How We Share and Disclose Your Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your information in the limited circumstances described below:

5.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who assist us in operating the Service and conducting our business. These providers are contractually obligated to:

• Use your information only for the specific purposes we authorize
• Implement appropriate security measures to protect your information
• Comply with applicable privacy laws and our instructions
• Delete or return your information when no longer needed
• Notify us of any data breaches or security incidents

5.2 Legal and Regulatory Disclosures

We may disclose your personal information when required or permitted by law:

• To comply with legal obligations, court orders, subpoenas, or government requests
• To respond to lawful requests from law enforcement or regulatory authorities
• To enforce our Terms & Conditions, policies, or agreements
• To protect our rights, property, safety, or the rights and safety of our users or the public
• To prevent, detect, or investigate fraud, security threats, or illegal activity
• To report suspicious transactions to AUSTRAC (Australian Transaction Reports and Analysis Centre)
• To report prize winnings to the Australian Taxation Office (ATO) as required by tax law
• To cooperate with OAIC investigations or privacy complaints

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets:

• Your personal information may be transferred to the successor entity or acquiring party
• We will provide notice before your information is transferred and becomes subject to a different privacy policy
• You will have the opportunity to delete your account before the transfer if you do not agree to the new privacy practices
• The successor entity will be required to honor the commitments made in this Privacy Policy

5.4 With Your Consent

We may share your information for other purposes with your explicit consent:

• Publishing winner announcements with your name, location, and photo
• Featuring your testimonials in marketing materials
• Sharing your information with sponsors or partners for specific promotions
• Any other disclosure you explicitly authorize

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Statistical reports on Service usage and member demographics
• Aggregated draw participation and prize distribution statistics
• Industry benchmarking and research data
• Business intelligence and analytics insights

Such data is not considered personal information under the Privacy Act once it can no longer identify individuals.

6. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries outside Australia, including but not limited to the United States and European Union member states. These countries may have data protection laws that differ from Australian privacy laws.

6.1 Countries to Which We Transfer Data

6.2 Safeguards for International Transfers

We ensure that international data transfers are conducted in accordance with APP 8 (Cross-border disclosure of personal information):

• We only transfer data to countries with substantially similar privacy protections to Australia, or to entities that have committed to comply with the APPs
• Third-party service providers are contractually required to implement appropriate security measures and comply with applicable privacy laws
• We conduct due diligence on service providers to assess their privacy and security practices
• Standard contractual clauses and data processing agreements are in place with all international processors
• We monitor service providers' compliance with privacy obligations on an ongoing basis

6.3 Your Acknowledgement

By using the Service, you acknowledge and consent to the transfer of your personal information to these countries for the purposes described in this Privacy Policy. If you do not consent to international data transfers, please do not use the Service.

We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the APPs. However, you acknowledge that Australian privacy law may not apply to overseas recipients, and you may not be able to seek redress under the Privacy Act for acts or practices of overseas recipients.

7. Data Security

We implement industry-standard technical, administrative, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, destruction, or loss.

7.1 Technical Security Measures

• Encryption in Transit: TLS/SSL encryption (minimum TLS 1.2) for all data transmitted between your device and our servers
• Encryption at Rest: Database encryption for sensitive data stored on our servers
• Password Security: Passwords are hashed using bcrypt with salt; we never store passwords in plain text
• Payment Security: PCI DSS Level 1 compliant payment processing through Stripe; we do not store full credit card numbers
• Firewall Protection: Web application firewalls (WAF) to protect against common attacks
• DDoS Protection: Distributed denial-of-service attack mitigation
• Intrusion Detection: Automated monitoring for suspicious activity and security threats
• Regular Security Updates: Timely application of security patches and software updates

7.2 Administrative Security Measures

• Access Controls: Role-based access control (RBAC) limiting employee access to personal information on a need-to-know basis
• Authentication: Multi-factor authentication (MFA) required for all administrative access
• Employee Training: Regular privacy and security training for all employees with access to personal information
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Background Checks: Background screening for employees with access to sensitive data
• Incident Response Plan: Documented procedures for responding to security incidents and data breaches
• Audit Logs: Comprehensive logging of access to personal information for audit and investigation purposes

7.3 Physical Security Measures

• Secure data centers with restricted physical access
• Video surveillance and security personnel at hosting facilities
• Environmental controls (fire suppression, climate control)
• Redundant power supplies and backup generators
• Secure disposal of hardware containing personal information

7.4 Regular Security Assessments

• Periodic vulnerability scans and penetration testing
• Third-party security audits and assessments
• Code reviews and security testing for new features
• Compliance assessments against industry standards (ISO 27001, SOC 2)

7.5 Limitations and Your Responsibilities

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge that:

• You are responsible for maintaining the confidentiality of your account credentials
• You should use a strong, unique password and enable two-factor authentication if available
• You should log out of your account when using shared or public devices
• You should report any unauthorized access or security concerns immediately
• Internet transmission and data storage carry inherent risks

7.6 Data Breach Notification

In accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act:

• If we become aware of a data breach that is likely to result in serious harm to individuals, we will notify the OAIC and affected individuals as soon as practicable
• Notifications will include information about the breach, the types of information involved, steps we are taking to respond, and recommended actions for affected individuals
• We will provide notifications by email, account alerts, or other appropriate means
• We maintain an incident response plan to investigate and respond to suspected breaches promptly

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver relevant advertising. This section explains what technologies we use and how you can control them.

8.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners. We use both first-party cookies (set by us) and third-party cookies (set by external services like Meta and Google).

8.2 Types of Cookies We Use

8.3 Other Tracking Technologies

In addition to cookies, we use:

• Web Beacons (Pixels): Small transparent images embedded in web pages and emails to track opens, clicks, and conversions
• Local Storage: HTML5 local storage for caching data and improving performance
• Session Storage: Temporary storage that clears when you close your browser
• Device Fingerprinting: Collecting device characteristics for fraud prevention and security

8.4 Managing Cookies and Tracking Preferences

You have several options to control cookies:

Important: Blocking or deleting cookies may impact your ability to use certain features of the Service. Essential cookies cannot be disabled as they are necessary for core functionality.

9. Your Privacy Rights and Choices

Under the Australian Privacy Principles, you have important rights regarding your personal information:

9.1 Right to Access (APP 12)

You have the right to request access to the personal information we hold about you:

• You can request a copy of your personal information by contacting support@alliancerewardsclub.com
• We will respond to your request within 30 days
• We may verify your identity before providing access
• Access may be provided through your account dashboard or via secure email/portal
• We will provide information in a reasonable format (PDF, CSV, etc.)
• We may charge a reasonable fee for providing access in certain circumstances (e.g., extensive searches)

We may deny access in limited circumstances permitted by law (e.g., if providing access would have an unreasonable impact on others' privacy, would be unlawful, or would prejudice legal proceedings).

9.2 Right to Correction (APP 13)

You have the right to request correction of inaccurate, outdated, incomplete, irrelevant, or misleading personal information:

• You can update most account information directly through your account dashboard
• For other corrections, contact support@alliancerewardsclub.com with details of the information to be corrected
• We will respond to correction requests within 30 days
• If we refuse a correction request, we will provide written reasons and inform you of complaint mechanisms
• If we refuse correction, you may request that we associate a statement with the information noting that you dispute its accuracy

9.3 Right to Deletion/Erasure

You may request deletion of your personal information, subject to certain legal limitations:

• To request deletion, contact support@alliancerewardsclub.com or delete your account through your account dashboard
• We will delete information unless we have a legal obligation to retain it (e.g., tax records, prize distribution records, fraud investigations)
• Some information may be retained in backup systems for a limited period
• Deletion requests will be processed within 30 days
• After deletion, you will no longer be able to access your account or participate in draws

We may retain certain information if required by law, including:

• Prize winner records (minimum 7 years for tax compliance)
• Transaction records (7 years for tax and accounting purposes)
• Fraud prevention records (as needed for security purposes)
• Legal dispute records (until resolution + applicable limitation period)

9.4 Marketing Communications Opt-Out

You can opt out of marketing communications at any time:

• Click the "Unsubscribe" link in any marketing email
• Update your communication preferences in your account dashboard
• Contact support@alliancerewardsclub.com to opt out
• Reply "STOP" to marketing SMS messages (if applicable)

Important: Opting out of marketing communications does not opt you out of transactional or service-related communications (account notifications, payment receipts, prize notifications, Terms updates, security alerts), which are necessary for the operation of your account.

9.5 Anonymity and Pseudonymity

While we generally require identification for membership and participation in draws (for legal, tax, and security reasons), we offer limited anonymity options:

• Winner Announcements: If you win a prize and have legitimate safety or privacy concerns, you may request limited anonymity (e.g., using initials instead of full name, omitting location)
• Testimonials: You can request to remain anonymous or use a pseudonym in testimonials and promotional content
• Customer Support: You may use a pseudonym when contacting support for general inquiries (account-specific issues require identification)

To request anonymity options, contact support@alliancerewardsclub.com.

9.6 Data Portability

Upon request, we can provide you with:

• A copy of your personal information in a commonly used, machine-readable format (CSV, JSON)
• Your account data, transaction history, and draw participation records
• Information necessary to transfer your data to another service (where technically feasible)

9.7 Objecting to Processing

You may object to certain uses of your personal information:

• Marketing and promotional communications (opt-out as described above)
• Profiling for advertising purposes (adjust cookie settings and ad preferences)
• Use of your information for purposes beyond the original collection purpose (contact us to discuss)

Note that objecting to certain processing may limit your ability to use the Service or participate in draws.

9.8 Exercising Your Rights

To exercise any of your privacy rights:

We do not charge a fee for most privacy rights requests. In cases involving extensive or repeated requests, we may charge a reasonable fee to cover administrative costs.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

10.1 Retention Periods

10.2 Secure Deletion

When personal information is no longer needed and the retention period has expired:

• Information is securely deleted or permanently anonymized
• Deletion methods include cryptographic erasure, overwriting, and physical destruction of media
• Backups are purged according to our backup retention schedule
• We maintain logs of deletion activities for audit purposes

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

11.1 Age Restrictions

• You must be at least 18 years old to create an account, subscribe to a membership, or participate in draws
• We require date of birth during registration and may request age verification
• Use of our Service by anyone under 18 is strictly prohibited

11.2 Parental Notice

If you are a parent or guardian and believe that your child under 18 has provided us with personal information:

• Contact us immediately at support@alliancerewardsclub.com
• We will investigate and delete the information promptly
• The account will be permanently terminated
• No refunds will be provided for subscriptions purchased by minors

11.3 Our Commitment

We take the protection of children's privacy seriously:

• We implement age verification measures during registration
• We investigate reports of underage users promptly
• We delete information belonging to children immediately upon discovery
• We may implement additional age verification for high-risk activities

12. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or applications (e.g., social media platforms, payment processors, advertising networks). This Privacy Policy does not apply to those third-party services.

12.1 Third-Party Privacy Practices

• We are not responsible for the privacy practices, content, or security of third-party websites or services
• Third parties have their own privacy policies that govern their collection and use of your information
• We encourage you to read the privacy policies of any third-party services you use
• Your interactions with third parties are governed by their terms and policies, not ours

12.2 Social Media Integration

If you choose to connect your social media accounts or share content on social platforms:

• The social media platform may collect information about your use of our Service
• Your social media activity may be governed by the platform's privacy policy
• We may receive limited information from your social profile if you grant permission
• You can manage social media integrations through your account settings and the social platform's privacy controls

12.3 Payment Processor

Payment processing is handled by Stripe. When you provide payment information:

• Your payment information is transmitted directly to Stripe
• Stripe's privacy policy governs their collection and use of payment data
• We do not store full credit card numbers on our servers
• Review Stripe's privacy policy at stripe.com/privacy

13. Privacy Complaints and Contact

13.1 Filing a Privacy Complaint with Us

If you believe we have not handled your personal information in accordance with this Privacy Policy or the Privacy Act:

13.2 Escalating to the OAIC

If you are not satisfied with our response to your privacy complaint, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC):

The OAIC can investigate privacy complaints and has powers to make determinations and order remedies under the Privacy Act.

13.3 General Privacy Inquiries

For questions about this Privacy Policy or our privacy practices:

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notification of Changes

When we make changes to this Privacy Policy:

• We will update the "Last Updated" date at the top of this page
• For material changes, we will notify you via email to your registered email address at least 30 days before the changes take effect
• We may also post a notice on our website or in your account dashboard
• We will maintain a version history of Privacy Policy changes upon request

14.2 Your Acceptance

Your continued use of the Service after the effective date of Privacy Policy changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes:

• You must stop using the Service
• You may cancel your subscription before the changes take effect
• You may request deletion of your account and personal information

14.3 Material Changes

"Material changes" include but are not limited to:

• Significant changes to the types of personal information we collect
• Major changes to how we use or share personal information
• Changes to data retention periods that significantly extend retention
• Introduction of new third-party service providers with access to sensitive data
• Changes that substantially reduce your privacy rights