Prizes    Play Now    Winning numbers    About Us   

Privacy policy

Privacy Policy

Latest update: 24th May 2018

What this policy covers

Capen Ltd, trading as Zaffo, manages raffles and lotteries on behalf of Societies (the Services).

The protection of personal data is of paramount importance. When you entrust your personal data to a Society through us, we go to great lengths to ensure that personal data is held securely and used only for the purposes which you have agreed to.

In this Privacy Policy we explain the things which we think are important for you to know about the personal data we collect from you, the purposes for which we use your information and how we protect your data. This policy is intended to help you understand:

  1. What information we collect about you

  2. How we use information we collect

  3. How we share information we collect

  4. How we store and secure information we collect

  5. How to access and control your information

  6. Other important privacy information

If you do not agree with this policy, please do not access or use our Society sites and services. If you have any questions relating to how we handle your personal data, please email

1. What information we collect about you

We collect information about you when you input it into our raffle or lottery websites or otherwise provide it directly to us.

Your use of the Services: We collect information about you when you register for an account, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. We keep track of your preferences when you select settings within the Services. The Services include the Raffle/Lottery products you subscribe to, including websites owned or operated by us, where we collect and store information that you supply during the sign-up process, and any content that you publish.

Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a question you have about a Service. Whether you designate yourself as a technical contact, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of any problem you might be experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Payment Information: We collect certain payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.

Information we collect automatically when you use the Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services.

Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you access or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.

Cookies and Other Tracking Technologies: We use cookies and other tracking technologies to provide functionality and to recognize you across different Services and devices.

What is a cookie? It’s a text string of information that a website transfers to the cookie file of the browser on your computer’s hard disk (or the memory of your mobile device) so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.

We may use cookies to help us recognise you when you - for example when you return to complete a form on our website. We may also use cookies to record information about how you access our website for statistics solely for us.

The only personally identifying data used by cookies is your IP addresses. You can choose not to accept cookies by setting the preferences on your internet browser. If you do not accept cookies from us this may impair or prevent some or all of the services which we provide to you.

To find out more about cookies, what they are used for and how to remove them, please visit the Interactive Advertising Bureau Europe’s website at

Tracking pixels: A tracking pixel is a piece of code, which contains a small image that is loaded when a user visits a website or opens an email, and is used to track certain user activities. Some societies also use tracking pixels to understand how you found out about their fundraising activity and measure the success of their marketing campaigns. For example, if they have invested budget in an online advertising campaign, tracking pixels can tell them whether you arrived at one of our websites from the advert they published, and whether you went on to make a purchase.

2. How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

To provide the Services and personalise your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use your personal data for the following purposes:

To communicate with you about the Services: We use your contact information to send transactional communications via email, including confirming a purchase, reminding you of subscription expirations, responding to questions and requests, providing customer support, and sending you technical notices, updates and administrative messages.

We also send you communications when you sign up to a particular Service to help you use that Service. These communications are part of the Services and in most cases you cannot opt out of them. If an opt out is available, you will find that option within the communication itself.

To market, promote and drive engagement: We may use your contact information and information about how you use our Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and helping you get the most out of our Services, including information about new campaigns or features, survey requests, newsletters, and events we think may be of interest to you. You can control whether you receive these communications by contacting to confirm your preferences.

Customer support: We use your information to resolve technical issues, to respond to your requests for support, and to repair and improve the Services.

For safety and security and to protect our legitimate business interests and legal rights: We use information about you and your Service use to verify activity across our platform, to monitor suspicious or fraudulent activity and to identify violations of Service policies.

Where required by law, or where we believe it is necessary to protect our legal rights, interests and the interests of others, we will disclose your personal data to law enforcement agencies or regulatory bodies. For example to:

(i) comply with the law or with legal process;

(ii) protect and defend our rights and property or that of our customers;

(iii) prevent fraud;

(iv) protect against abuse, misuse or unauthorised use of our website;

(v) protect the personal safety or property of our customers or the public;

Third Party processors: We may employ other companies to provide services for us, including for example, processing of payments in order for us to be able to provide our services to you. These companies have access to the personal information needed to perform their functions and not for any other purposes and are bound by confidentiality agreements not to disclose any information for any other purpose.

If at any time we wish to disclose your personal data in circumstances other than those above, we will always obtain your consent before doing so.

With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above.For example, we may send you information about new services or events where you have consented to be contacted.

Legal basis for processing (for EEA users):

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depend on the Services you use and how you use them. This means we collect and use your information only where:

We need it to provide you the Services, including to operate the Services, provide customer support and to protect the safety and security of the Services;

It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;

You give us consent to do so for a specific purpose; or

We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, though, in some cases, this may mean no longer using the Services.

3. How we share information we collect

We want our services to be the best that they can be. This means sharing information with certain third parties, who are experts in their fields. We share information we collect about you in the ways discussed below. We never sell information about you to advertisers or other third parties.

Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your organization, we may, at the request of your employer, share certain information that you have supplied in registering for our Services.

Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services:

Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.

Third party service providers we use to provide our services to you

Sendinblue: Email service provider. Uses include sending automated transactional emails when a raffle/lottery ticket is purchased by card through one of our Society Sites.

Docmail: bulk mailing service used to post Advance Notification Letters following a Direct Debit Lottery purchase. policy

AWS (Amazon Web Services): our web host.

RSM2000. Our payment service provider and BACS bureau, processing card and Direct Debit transactions.

Paysafe. A payment service provider, processing card transactions.

Credorax. Our acquiring bank: the link between our payment service provider and your card issuing bank.

Hubspot. Our Customer Relationship Management tool. For example, information submitted via our web forms is stored here.

Society Clients and their partners: Where we are managing a raffle or lottery on behalf of a society, that society is the data controller, and all data captured through our services is shared with them. In some cases, a society may ask us to share data with a third party that helps them run a fundraising initiative. For example, where a Society recruits lottery players through a recruitment company, we may be asked by the Society to share information with that company about successful and failed payments.

Links to Third Party Sites: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours (for example, clients may include links to their own or partner websites). If you submit information to any of those third party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.

Third-Party Widgets: Some of our Services contain widgets and social media features, such as the Twitter "tweet" button. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.

With your consent: We share information about you with third parties when you give us consent to do so. For example, where a Society is partnering with a corporate partner to run a raffle, you may be invited to opt-in to marketing communications from that corporate partner.

Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Capen Ltd, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

4. How we store and secure information we collect

Information storage and security:

We use data hosting service providers in the London to host the information we collect, and we use technical measures to secure your data. For more information on where we store your information, please contact to request our system architecture diagrams.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others or from accidental loss or corruption

If you use our Services, responsibility for securing access to the information you put into the Services rests with you and not Capen Ltd. Whilst all of our sites are issued an SSL certificate as part of our website service, we strongly recommend that Society administrators restrict access to their Zaffo Secure dashboard. Please note that our storage of your information is incidental to our provision of our services to you and does not absolve you of your responsibility to back-up your important information

How long we keep information:

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences in our Customer Relationship Management tool for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Zaffo account. Unless we are required by law to contact you (for example, to send a ticket email if you purchase raffle/lottery tickets, you will always be given the option to opt-out of marketing communications. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created. See section 5 below for more details on how to control your information.

5. How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.

Your Choices:

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. You may contact us at to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Update your information: If you believe the information we hold on you is inaccurate, or your information has changed, please contact and advise us of any amendments you wish to be made.

Deactivate your account: If you no longer wish to use our Services, please contact us. Please be aware that deactivating your account does not delete your information. For more information on how to delete your information, see below.

Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your employer does not object (where applicable).

Opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, or by contacting us as provided below to have your contact information removed from our promotional email list or marketing/CRM database. Even after you opt out from receiving promotional messages from us, you will continue to receive legal and transactional messages from us regarding our Services. For example, if you purchase a raffle/lottery ticket from a website managed by us, it is our legal obligation to send you your ticket information.

Turn off Cookie Controls: To find out more about cookies, what they are used for and how to remove them, please visit the Managing Cookies section of Interactive Advertising Bureau Europe’s website at

Send "Do Not Track" Signals: Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the Zaffo services under your control, such as that added to your Zaffo website through the Content Management System.

6. Other important privacy information

Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we may send you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account, as outlined above.

Contact Us

If you have questions or concerns about how your information is handled, please contact us at 0203 808 4345. Unit 512, The Print Rooms, 164 to 180 Union Street, SE1 0LH.