Privacy Policy

Last updated: 05 May 2026  |  Effective from: 5 April 2026

1. Who We Are

AOV WebDesigns Limited ("we", "us", "our") is a company registered in England and Wales.

  • Registered company name: AOV WebDesigns Limited
  • Companies House number: XXXXXXXX
  • Registered office: 123 Business Park, London, UK
  • ICO registration number: ZXXXXXXXX
  • Email: info@aovwebdesigns.com

We are registered with the UK Information Commissioner's Office (ICO) as a data controller. This policy explains what personal data we collect, why we collect it, and your rights under UK GDPR and the Data Protection Act 2018.

2. Data We Collect and Why

2.1 Contact Form

When you submit our contact form we collect your name, email address, and message.

  • Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) – responding to your enquiry.
  • Retention: 12 months, then securely deleted.

2.2 Account Registration

When you create an account we collect your full name, email address, and a hashed password.

  • Legal basis: Contract (Article 6(1)(b)) – necessary to provide the account service.
  • Retention: For as long as your account is active, plus 6 months after deletion to handle any outstanding issues.

2.3 Purchases & Payments

When you purchase a service, we collect your name, email, and order details. Payment card processing is handled entirely by Stripe, Inc. – we never see or store your full card number. Stripe's privacy policy is at stripe.com/gb/privacy.

  • Legal basis: Contract (Article 6(1)(b)); Legal obligation for invoicing / VAT records (Article 6(1)(c)).
  • Retention: 7 years to comply with HMRC requirements.

2.4 Server Logs and IP Addresses

Our web server automatically records your IP address, browser type, pages visited, and timestamps in access logs.

  • Legal basis: Legitimate interests – security, abuse prevention.
  • Retention: 30 days.

2.5 Cookies

We use cookies as described in our Cookie Policy. Strictly necessary cookies are used on the legal basis of legitimate interests. Optional cookies (analytics, marketing) are only set with your consent.

2.6 Statistical Analysis Tools (Lotto & Euromillions)

The UK Lotto Analysis and Euromillions Analysis tools do not collect personal data. Number frequency and draw statistics are sourced from publicly available lottery draw results. We do not link your use of these tools to your account or identity beyond what is necessary to verify your subscription access tier.

2.7 Premium Subscriptions

If you subscribe to a premium plan (e.g. Lotto Premium or Euromillions Premium), we store your Stripe customer ID, subscription status, subscription start and renewal dates, and associated email address.

  • Legal basis: Contract (Article 6(1)(b)) – necessary to provide your subscription.
  • Retention: 7 years to comply with HMRC financial record requirements.

Subscription billing is managed by Stripe. You may manage, pause, or cancel your subscription at any time through the customer billing portal accessible from your account page.

2.8 Community Participation & Moderation

If you use the community discussion sections on the Lotto or Euromillions pages, we store your posted messages, thread topics, and replies, linked to your account.

  • Legal basis: Contract (Article 6(1)(b)) – necessary to provide the community feature.
  • Retention: For as long as your account is active. Posts removed by a moderator are marked inactive (not publicly displayed) and may be retained for up to 6 months for moderation audit purposes, then permanently deleted.

Where a community report is submitted about your account, or where a moderation action is taken (such as a posting restriction or account ban for abusive language or harassment), we record the report reason, action taken, and the date of action. This data is used solely for community safety and moderation.

  • Legal basis: Legitimate interests (Article 6(1)(f)) – maintaining a safe and respectful community environment.
  • Retention: 12 months after the matter is resolved.

3. How We Use Your Data

  • To respond to your enquiries and provide our services
  • To create and manage your account
  • To process payments, issue invoices, and manage subscriptions
  • To verify your subscription access tier for premium tools
  • To operate and moderate the community discussion features
  • To comply with legal and regulatory obligations
  • To improve the security and performance of this website
  • To send service-related emails (e.g. order confirmations, password resets, subscription renewal notices)

We do not sell your personal data. We do not use it for automated decision-making or profiling.

4. Who We Share Your Data With

RecipientPurposeLocation
Stripe, Inc.Payment processing & subscription billingUSA (Standard Contractual Clauses)
Hostinger / web hostWebsite hosting & emailEU / UK
Tawk.to (if enabled)Live chatUSA (SCCs)

All third-party processors are contractually bound to process your data only on our instructions and in compliance with data protection law.

5. International Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses approved by the UK ICO, or adequacy decisions).

6. Your Rights Under UK GDPR

You have the right to:

  • Access – request a copy of your personal data
  • Rectification – ask us to correct inaccurate data
  • Erasure – request deletion of your data (subject to legal retention obligations)
  • Restriction – ask us to restrict processing in certain circumstances
  • Portability – receive your data in a structured, machine-readable format
  • Object – object to processing based on legitimate interests
  • Withdraw consent – where processing is based on consent, you may withdraw at any time

To exercise any right, contact us at info@aovwebdesigns.com. We will respond within 30 days. We do not charge a fee for routine requests.

If you are not satisfied with our response, you may complain to the UK Information Commissioner's Office at ico.org.uk or call 0303 123 1113.

7. Security

We take reasonable technical and organisational measures to protect your data, including:

  • HTTPS / TLS encryption for all data in transit
  • Passwords stored as bcrypt hashes – never in plain text
  • CSRF protection on all forms
  • IP-based rate limiting on sensitive forms
  • Regular security reviews

No transmission over the internet is 100% secure. We will notify you and the ICO of any breach that is likely to result in a high risk to your rights, as required by law.

8. Children

Our services are not directed at children under 13, and we do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us immediately.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of the page shows when it was last revised. Significant changes will be communicated by email where possible.

10. Contact Us

For any privacy-related question or to exercise your rights:

AOV WebDesigns Limited
123 Business Park, London, UK
info@aovwebdesigns.com