DATA PRIVACY AND PROTECTION POLICY FOR NEW YEAR MEGA LOTTERY LTD. LOTTERY WEBSITE

At New Year Mega Lottery Ltd., we are committed to safeguarding the privacy and protecting the personal data of our users. This Data Privacy and Protection Policy outlines how we collect, use, disclose, and protect the personal information of individuals who visit our lottery website.

  1. Information Collection:
    1. Personal Information: We may collect personal information such as name, email address, contact number, and payment details when users register an account, participate in our lottery games, or interact with our website.
    2. Non-Personal Information: We may also collect non-personal information such as browser type, IP address, and device information for analytical purposes.
  2. RAFFLE ENTRIES

    Eligible Participants may purchase more than one entry for each Monthly Draw and Mega Draw. There is no maximum to the number of entries an individual can make.

  3. Use of Information:
    1. Lottery Participation: Personal information collected will be used to facilitate lottery participation, process payments, and deliver prizes to winners.
    2. Communications: We may use personal information to send important updates, newsletters, and promotional offers related to our services, but users will have the option to opt-out of such communications.
    3. Improvement of Services: Non-personal information may be used for analytical purposes to improve our website's functionality, user experience, and security.
  4. Data Sharing and Disclosure:
    1. Third Parties: We may share personal information with trusted third-party service providers to facilitate lottery operations, process payments, or for analytical purposes. However, we ensure that these third parties adhere to strict data protection standards. The user’s data and information shall be kept in confidential against any third parties and shall not disclose those data either in written or communications to any person whatsoever (other than their professional advisers or as may be required by law, upon order of court or any other competent authority), except so far as is necessary for the execution of its obligations hereunder.
    2. The company shall protect against unauthorized disclosure of the information of personal data or information which is either designated in writing as confidential by using the same degree of care as it takes to preserve and protect its own confidential information of a similar nature. Such obligation shall continue for the period under reviews from disclosure of the information to the other Party.
    3. New Yew Mega Lottery shall not treat as confidential any information which is or becomes publicly available or is lawfully obtained from third parties without restriction or disclosure.
    4. Legal Compliance: We may disclose personal information if required to comply with legal obligations, enforce our policies, or protect the rights, property, or safety of New Year Mega Lottery Ltd., its users, or others.
  5. Data Security:
    1. Protection Measures: We implement industry-standard security measures to safeguard personal information against unauthorized access, alteration, disclosure, or destruction.
    2. Encryption: All sensitive data, including payment information, is encrypted using Secure Socket Layer (SSL) technology to ensure secure transmission over the internet.
  6. Data Retention:
    1. Retention Period: We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once the data is no longer needed, it will be securely deleted or anonymized.
  7. User Rights:
    1. Access and Correction: Users have the right to access, update, or correct their personal information stored on our website.
    2. Withdrawal of Consent: Users can withdraw their consent for the processing of personal information or opt-out of communications at any time.
  8. Children's Privacy:
    1. Policy Updates: We reserve the right to update or modify this Data Privacy and Protection Policy at any time. Any changes will be prominently displayed on our website.
  9. Contact Information:
    1. Questions and Concerns: If you have any questions or concerns regarding this policy or the handling of your personal information, please contact us at [office@newyearmegalottery.com]. By using our website and participating in our lottery games, you agree to the terms outlined in this Data Privacy and Protection Policy. It is essential to review this policy periodically for any updates or changes. Last updated: [10th July 2023].

Data Privacy and Protection:
A data policy is a policy that describes how a business handles personal data. A data policy's primary function is to create transparency for the consumer about how data is processed, protected, and shared.

User Data Policy:
Data privacy defines who has access to data, while data protection provides tools and policies to actually restrict access to the data. Compliance regulations help ensure that user's privacy requests are carried out by companies, and companies are responsible to take measures to protect private user data.

Data destruction:
A data destruction policy is a set of written principles that guide how to properly dispose of information and the mode of disposal for each data category. The hardware disposal and data destruction policy aims to protect data from unauthorized access by controlling who gets to handle the disposal process.

Access Management:
User access management, or UAM, is a subset of IAM that emphasizes managing user access to various system resources and data. It helps provide users within the organization access to the tools and services they need at the correct time.

Systems & Data security:
A data security policy regulates the usage, management, and monitoring of data in an organization. Its primary goal is to protect all data used, managed, and stored by a company. Data security policies are typically not required by law, but can help organizations comply with data protection standards and regulations


Systems & Data Security Document for New Year Mega Lottery Ltd. Lottery

  1. Introduction:

    New Year Mega Lottery Ltd. (hereafter referred to as "the Company") is committed to ensuring the security and protection of the data collected, stored, and processed through its lottery website. This Systems & Data Security Document outlines the measures implemented to safeguard the integrity, confidentiality, and availability of data on our platform.

  2. Access Control:
    1. User Authentication: All users accessing the lottery website must undergo a secure authentication process, including strong password requirements and multi-factor authentication where applicable.
    2. Role-Based Access Control (RBAC): Access permissions are assigned based on the roles and responsibilities of individuals within the organization to limit access to sensitive data to authorized personnel only.
  3. Data Encryption:
    1. Transmission Encryption: All data transmitted between users' devices and our servers is encrypted using industry-standard Transport Layer Security (TLS) or Secure Socket Layer (SSL) encryption protocols to prevent interception or eavesdropping.
    2. Data-at-Rest Encryption: Sensitive data, including personal information and payment details, stored in databases or on disk storage, is encrypted using strong encryption algorithms to protect against unauthorized access in case of a security breach.
  4. Secure Software Development:
    1. Code Review: All code deployed on the lottery website undergoes rigorous code review processes to identify and mitigate potential security vulnerabilities before implementation.
    2. Secure Coding Practices: Developers follow secure coding practices, including input validation, output encoding, and parameterized queries, to prevent common web application security threats such as SQL injection and cross-site scripting (XSS) attacks.
  5. Regular Security Audits and Assessments:
    1. Vulnerability Scanning: Regular vulnerability scanning and penetration testing are conducted to identify and address security weaknesses in the infrastructure, applications, and configurations.
    2. Third-Party Audits: Independent third-party security audits and assessments are performed periodically to validate the effectiveness of our security controls and ensure compliance with industry standards and regulations.
  6. Incident Response and Monitoring:
    1. Incident Response Plan: The Company has an established incident response plan outlining procedures for detecting, responding to, and mitigating security incidents promptly and effectively.
    2. Continuous Monitoring: Real-time monitoring systems are implemented to detect suspicious activities, unauthorized access attempts, and potential security breaches, allowing for immediate response and remediation.
  7. Data Backup and Disaster Recovery:
    1. Regular Backups: Data backups are performed regularly to ensure the availability and integrity of data in the event of hardware failures, data corruption, or other disasters.
    2. Offsite Storage: Backup copies of data are stored securely in offsite locations to mitigate the risk of data loss due to physical damage or destruction of onsite infrastructure.
  8. Employee Training and Awareness:
    1. Security Awareness Training: All employees undergo regular security awareness training to educate them about security best practices, their roles in protecting data, and how to recognize and report security threats.
    2. Security Policies and Procedures: Employees are required to adhere to the Company's security policies and procedures to maintain the confidentiality, integrity, and availability of data on the lottery website.
  9. Compliance and Regulation:
    1. Legal Compliance: The Company complies with relevant data protection regulations and privacy laws, including but not limited to the Consumer Protection Council Act (CPC) of the Federal Republic of Nigeria.
    2. Data Retention Policies: Data retention policies are established to govern the storage and deletion of personal information in accordance with legal requirements and user consent.
  10. Conclusion:

    The security and protection of data on the New Year Mega Lottery Ltd. lottery website are of paramount importance to the Company. By implementing robust security measures, adhering to best practices, and continuously monitoring and improving our systems, we strive to maintain the trust and confidence of our users in the integrity and security of our platform.
    This Systems & Data Security Document is subject to regular review and updates to ensure alignment with evolving security threats, industry standards, and regulatory requirements.


IT Administration Policy Document for New Year Mega Lottery Ltd.

  1. Introduction:

    This IT Administration Policy Document outlines the guidelines and procedures for managing Information Technology (IT) resources at New Year Mega Lottery Ltd. It is designed to ensure the efficient and secure operation of our IT infrastructure and systems in support of our lottery operations

  2. IT Governance:
    1. Responsibility: The IT department is responsible for overseeing and managing all IT resources, including hardware, software, networks, and data, to support the business objectives of the Company.
    2. Compliance: IT operations and practices must comply with relevant laws, regulations, and industry standards, including data protection laws, such as the Nigeria Data Protection Regulation (NDPR), and lottery regulations.
  3. User Access Management:
    1. User Accounts: User accounts are created for employees based on their roles and responsibilities. Access privileges are granted according to the principle of least privilege, ensuring that users have access only to the resources necessary to perform their duties.
    2. Access Control: Access to sensitive systems and data is protected through strong authentication mechanisms, including passwords and multi-factor authentication, where applicable.
  4. IT Security:
    1. Data Security: Measures are in place to protect the confidentiality, integrity, and availability of data. This includes encryption of sensitive data, regular security assessments, and incident response procedures.
    2. Network Security: Firewalls, intrusion detection systems, and other security measures are implemented to safeguard the Company's network infrastructure against unauthorized access and cyber threats.
  5. Software Management:
    1. Software Licensing: All software used by the Company must be properly licensed, and license compliance is regularly monitored to ensure adherence to legal requirements.
    2. Patch Management: Timely installation of software patches and updates is performed to address security vulnerabilities and ensure the stability and performance of software applications.
  6. Hardware Management:
    1. IT Inventory Management: An inventory of hardware assets is maintained to track the acquisition, deployment, and disposal of IT equipment, including computers, servers, and networking devices.
    2. Maintenance: Regular maintenance and monitoring of hardware infrastructure are conducted to identify and address issues promptly, minimizing downtime and disruptions.
  7. Backup and Disaster Recovery:
    1. Data Backup: Regular backups of critical data are performed to ensure data availability and recoverability in the event of data loss or system failure.
    2. Disaster Recovery Plan: A comprehensive disaster recovery plan is in place to outline procedures for restoring IT systems and operations in the event of a disaster or major disruption.
  8. IT Support and Helpdesk:
    1. Support Services: IT support services are provided to assist employees with technical issues, troubleshooting, and resolving IT-related problems in a timely manner.
    2. Helpdesk Procedures: Employees are encouraged to report IT issues and requests through the designated helpdesk channels for efficient resolution and tracking.
  9. Acceptable Use Policy:
    1. Authorized Use: IT resources are to be used for business purposes only. Employees are expected to adhere to the Company's acceptable use policy regarding the use of IT systems, internet access, and email communication.
  10. Training and Awareness:
    1. Training Programs: Regular training sessions and awareness programs are conducted to educate employees about IT security best practices, data protection policies, and emerging cyber threats.
  11. Compliance Monitoring:
    1. Audits and Reviews: Regular audits and reviews of IT operations, security controls, and compliance with IT policies are conducted to identify areas for improvement and ensure ongoing adherence to standards and regulations.
  12. Conclusion:

    This IT Administration Policy Document serves as a framework for managing IT resources effectively and securely at New Year Mega Lottery Ltd. By adhering to these policies and procedures, we aim to maintain the integrity, confidentiality, and availability of our IT systems while supporting the Company's lottery operations