Privacy Policy
Last updated: 21 May 2026. This Privacy Policy explains what personal data A4G Arcade collects, how it is used, who it is shared with, how long it is kept, and the rights you have under UK data protection law (the UK GDPR and the Data Protection Act 2018). A4G Arcade is part of the A4G Network and is operated by J&S Venture Capital Holdings Ltd (the same UK business that operates All For Giveaways). This policy should be read together with the main All For Giveaways Privacy Policy at allforgiveaways.com/privacy and the A4G Arcade Terms & Conditions.
1. Who we are (Data Controller)
The data controller for A4G Arcade is:
J&S Venture Capital Holdings Ltd
T/A All For Giveaways / A4G Arcade
Company Registration Number: 11635885
The Elms, Doncaster Road
Rotherham, South Yorkshire, S65 1DY
United Kingdom
For any privacy enquiries, data subject requests, or to contact our Data Protection point of contact, email support@allforgiveaways.com.
2. Scope of this policy
This policy covers personal data processed when you use A4G Arcade (arcade.allforgiveaways.com), including when you create or sign into an account, browse the site, enter competitions (paid or via the Free Postal Entry Route), make payments, play reveal mini-games, contact us for support, or receive communications from us. Because A4G Arcade operates on a unified A4G One Account with All For Giveaways, this policy also explains the two-way data sync between sites in the A4G Network (see section 6).
3. Personal data we collect
We collect the following categories of personal data:
- Identity & account data: full legal name, date of birth, email address, password (stored hashed, never in plain text), avatar image, and your A4G One Account identifier.
- Contact data: residential address, postcode, country, and telephone number.
- Verification data: age-verification and identity-verification (KYC) outcomes, account status flags (e.g. verified, restricted, self-excluded), and any documents you submit to evidence eligibility before a prize is released.
- Financial & transaction data: the last four digits and brand of your payment card, payment authorisation references, order history, ticket purchases, wallet balances (cash and Star Points), wallet ledger entries, and refund records. Full card numbers, CVV/CV2, expiry dates and 3-D Secure credentials are never seen or stored by us — they are captured directly by our PCI-DSS compliant payment gateway, Cardstream, on their hosted payment page.
- Competition & gameplay data: tickets allocated to your account, reveal mini-game session data, instant-win and end-prize outcomes, and reservations.
- Responsible play data: spending limits you set on A4G Arcade (daily / weekly / monthly cash and Star Points limits), time-outs, self-exclusion settings, Inactivity Lock and Child-Lock preferences, and the 14-day cool-down state for limit changes.
- Communications data: support enquiries you send us, marketing opt-in / opt-out status for email and SMS, and our records of service messages sent to you (e.g. winner notifications, payment receipts, security alerts).
- Technical & device data: IP address, browser type and version, device type, operating system, language, time zone, referring URL, and pages visited within the site.
- Cookie & session data: authentication session tokens, basket state, and analytics identifiers (see section 10).
We do not deliberately collect special category data (e.g. health, ethnicity, religion). Please do not include such information in support correspondence.
4. How we collect your data
- Directly from you when you register on All For Giveaways and cross-app join into A4G Arcade, update your profile, set responsible-play limits, place an order, submit a Free Postal Entry, or contact support.
- Automatically as you use the site, via cookies, server logs and analytics tooling.
- From our payment processor (Cardstream) in the form of authorisation results, the masked card details listed above, and webhook events confirming payment outcomes.
- From the wider A4G Network — account identity, verification status, wallet balances, order history and responsible-play settings synced from All For Giveaways (see section 6).
5. Why we use your data & lawful bases (UK GDPR Art. 6)
We only process your personal data where we have a lawful basis to do so. The table below sets out, for each purpose, the lawful basis we rely on.
- Operating your account and providing the service (sign-in, profile, basket, checkout, ticket allocation, prize fulfilment, support) — performance of a contract between you and us under the Terms & Conditions.
- Processing payments and preventing payment fraud (Cardstream integration, refunds, chargeback handling) —performance of a contract and our legitimate interests in preventing fraud, plus legal obligation for tax/accounting records.
- Running prize draws fairly (live manual draws, auto-draws executed server-side, winner publication) — performance of a contract and legitimate interests in operating verifiable, auditable competitions.
- Age and identity verification (KYC) before releasing prizes — legal obligation and our legitimate interests in preventing underage entries and prize fraud.
- Responsible play controls (spending limits, self-exclusion, Inactivity Lock, Child-Lock) — legitimate interests in safer play and harm prevention. Where you actively set a limit, processing is also based on your consent.
- Cross-app sync within the A4G Network (see section 6) — performance of a contract for the unified A4G One Account, and our legitimate interests in delivering a single experience, preventing duplicate accounts and enforcing self-exclusion across brands.
- Service messages (winner notifications, payment receipts, security alerts, account changes) — performance of a contract and legitimate interests in operating the service safely.
- Marketing emails and SMS — your consent, which you can withdraw at any time via the unsubscribe link or your profile settings.
- Analytics and service improvement — legitimate interests in understanding and improving the site; non-essential cookies are only set with your consent.
- Fraud prevention, abuse detection & security (detecting multiple accounts, bots, payment fraud, system abuse) — legitimate interests in protecting the platform and other entrants, and legal obligation.
- Complying with the law (responding to regulators, courts, law enforcement) — legal obligation.
6. Cross-app data sync & the A4G One unified login
A4G Arcade and All For Giveaways operate on a single shared account known as the A4G One Account. You do not create a separate A4G Arcade account — you register once at allforgiveaways.com/register and then cross-app join into A4G Arcade using the same credentials. This means certain data is synchronised two-way between the sites in real time so the same account, balance, verification status and safer-play controls follow you across the A4G Network.
What is synced both ways:
- Account identity — email address, full legal name, date of birth, residential address and contact telephone number.
- Verification status — age-verification outcome, KYC outcome and any account flags (e.g. verified, restricted, self-excluded).
- Wallet balances — Star Points, site credit and winnings credit are shared across the A4G Network so a single balance is reflected on both sites.
- Order, ticket and winnings history relevant to entitlements and prize fulfilment.
- Network-wide responsible play controls — time-outs, self-exclusion, Inactivity Lock and Child-Lock settings are applied consistently across every site in the A4G Network.
- Communication preferences — marketing opt-in / opt-out for SMS and email.
What is NOT synced (kept independent on A4G Arcade):
- Spending limits — A4G Arcade operates its own independent daily / weekly / monthly spending limits, set and enforced only within A4G Arcade. They are separate from any spending limit set on All For Giveaways or elsewhere on the A4G Network, and changes are subject to a 14-day cool-down.
- Payment card details are never stored by us on either site — Cardstream holds them under their PCI-DSS environment.
- Mini-game session data generated inside A4G Arcade is not pushed to All For Giveaways.
Why we sync this data:
- One account, one experience. A single sign-in works across A4G Arcade and All For Giveaways, with one shared Star Points / credit balance, so you don’t need to top up or verify in two places.
- Safer play. Self-exclusion, time-outs and lock settings you apply on one site are enforced on every other site in the A4G Network, preventing them being bypassed by switching brand.
- Fraud prevention & compliance. Sharing verification status, identity flags and suspicious activity indicators across the network allows us to comply with our legal duties under the UK GDPR, the Data Protection Act 2018 and UK competition law, and to detect duplicate accounts, payment fraud and system abuse.
- Prize fulfilment. Winnings, deliveries and support cases can be administered from a single back office.
- Service continuity. If a feature or competition moves between A4G Arcade and All For Giveaways, your history and entitlements travel with you.
All cross-app sync happens between systems controlled by the same legal entity (J&S Venture Capital Holdings Ltd). Data is not sold, rented or shared with any third-party brand. The lawful bases are performance of a contract (delivering the unified A4G One Account you signed up for) and our legitimate interests in safer play, fraud prevention and operational efficiency.
7. Who we share your data with (processors & recipients)
We share your personal data only where necessary, and only with carefully selected recipients bound by written data protection terms. Categories of recipient include:
- Cardstream — UK-based PCI-DSS compliant payment gateway processing card payments on our behalf.
- Hosting & database infrastructure — our managed cloud backend provider that hosts the database, authentication, file storage and serverless functions powering A4G Arcade.
- Email & transactional messaging providers — used to deliver service emails, account emails and (where you have opted in) marketing emails.
- SMS provider — where you have opted in to SMS communications.
- Delivery providers (typically Royal Mail or third-party couriers) — to ship physical prizes to winners.
- Identity & KYC verification providers — to verify age and identity before releasing prizes.
- Analytics & error-monitoring providers — to understand site usage and diagnose technical issues.
- Other A4G Network brands operated by J&S Venture Capital Holdings Ltd — as set out in section 6 (this is not a third-party transfer).
- Professional advisers (lawyers, accountants, auditors) where necessary for legal, regulatory or accounting purposes.
- Regulators, law enforcement and courts where we are required by law to disclose information.
- A purchaser or successor in the event of a business sale, merger, reorganisation or insolvency — you will be notified of any such change.
We do not sell your personal data to third parties and we do not share it with third-party advertisers for their own marketing.
8. International transfers
Our infrastructure is primarily hosted within the United Kingdom and the European Economic Area (EEA). Where any of our processors host or process data outside the UK / EEA, we ensure an appropriate safeguard is in place — typically an adequacy decision or the UK International Data Transfer Agreement (IDTA) / EU Standard Contractual Clauses with the UK Addendum — so that your data continues to enjoy a level of protection essentially equivalent to that under UK law.
9. How long we keep your data (retention)
- Account & profile data: for as long as your A4G One Account is active, and for up to 12 months after closure for fraud-prevention and dispute-handling purposes.
- Verification (KYC) records: retained for the period required by anti-fraud and competition-law obligations (typically 6 years from the related transaction).
- Order, ticket, payment and wallet ledger records: retained for 6 years from the end of the financial year in which the transaction occurred, to meet UK tax and accounting obligations.
- Competition entries & prize records: retained for at least 6 years to evidence fair operation of the draw and to handle any subsequent queries.
- Self-exclusion & safer-play settings: retained for the duration of the exclusion and afterwards to evidence that controls were honoured.
- Support correspondence: typically 2 years from the last contact.
- Server logs & security telemetry: typically 90 days, longer where needed to investigate an incident.
- Marketing preferences: indefinitely while your account exists, so that withdrawn consents continue to be honoured.
Once retention periods expire, data is securely deleted or irreversibly anonymised.
10. Cookies & similar technologies
We use the following categories of cookies and local-storage items:
- Strictly necessary — authentication sessions, basket state, CSRF protection. Always on; cannot be switched off.
- Functional — remembering preferences (e.g. sound on/off, accepted maintenance notices).
- Analytics — aggregate usage statistics to help us improve the site. Set only with your consent.
We do not use advertising or cross-site tracking cookies. You can clear cookies and local-storage data at any time via your browser settings; doing so will sign you out and reset any saved preferences.
11. Security
We protect your data with industry-standard measures including TLS encryption in transit, encryption at rest for sensitive fields, hashed passwords, server-side enforcement of row-level security on the database, role-based access control for staff, audit logging of sensitive actions, and principle-of-least-privilege access. No system is 100% secure, but we take continual steps to identify and mitigate risks, and we will notify you and the Information Commissioner’s Office (ICO) without undue delay where a personal data breach is likely to result in a high risk to your rights and freedoms, in accordance with UK GDPR Articles 33 and 34.
12. Your rights under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — obtain a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — ask us to delete your data where there is no longer a lawful reason to keep it. Note: we may need to retain certain records (e.g. financial records, KYC outcomes, evidence of self-exclusion) for the periods set out in section 9.
- Right to restrict processing while a concern is investigated.
- Right to data portability — receive the data you provided to us in a structured, commonly used, machine-readable format.
- Right to object to processing based on our legitimate interests, including direct marketing.
- Right to withdraw consent at any time, where processing is based on your consent (this does not affect the lawfulness of processing before the withdrawal).
- Right not to be subject to solely automated decisions with legal or similarly significant effects. The A4G Arcade auto-draw is an automated random selection of a winner but does not produce legal effects concerning non-winners and is governed by the published Terms & Conditions.
To exercise any of these rights, contact support@allforgiveaways.com. We will respond within one month (extendable by a further two months for complex requests). We may need to verify your identity before actioning a request.
13. Marketing & communications
We will only send you marketing emails or SMS where you have opted in. You can withdraw consent at any time using the unsubscribe link in any marketing message or via the communication preferences in your profile. Service messages (e.g. winner notifications, payment receipts, security alerts, responsible-play notifications) will continue to be sent where required to operate your account.
14. Winner publicity
Where you win a prize, your first name may be published on the relevant competition page on A4G Arcade and on the A4G Network’s social media channels for transparency and to provide social proof. We do not publish your town, city, full name, address or any other identifying information without your explicit consent. See the A4G Arcade Terms & Conditions for further detail.
15. Children
A4G Arcade is strictly for adults aged 18 or over. We do not knowingly collect personal data from anyone under 18. If we become aware that we hold data about someone under 18, the account will be closed and the data deleted (subject to any legal retention obligations). A Child-Lock feature is available to help adults restrict device access where appropriate.
16. Account closure
You may close your A4G Arcade account at any time from your profile, or by emailing support@allforgiveaways.com. You can also request closure across the entire A4G Network in the same request. We will action closure promptly. Certain data must be retained for the periods set out in section 9 (for example, financial records, KYC evidence and self-exclusion records).
17. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our service, our processors or the law. The “Last updated” date at the top of the page shows when it was last revised. Material changes will be notified to you by email or via an in-app notice before they take effect.
18. Complaints & the ICO
If you are unhappy with how we have handled your personal data, please contact us first at support@allforgiveaways.com so we can try to resolve the issue. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk or on 0303 123 1113.
19. Contact
For any questions about this Privacy Policy or how we handle your personal data, please contact support@allforgiveaways.com. The data controller is J&S Venture Capital Holdings Ltd, The Elms, Doncaster Road, Rotherham, South Yorkshire, S65 1DY, United Kingdom (Company Registration Number 11635885).