Royal Signature Expo logo

Legal

Privacy Policy

This policy explains how we collect, use, and protect your personal information when you use the Royal Signature Expo raffle platform.

Effective date: 1 April 2026

1. Who We Are

This website (royalsignatureexpo.co.sz) is operated by the Eswatini Investment and Promotion Authority (EIPA) in collaboration with the Royal Signature Expo 2026 ("we", "us", or "our").

We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our platform to participate in the Eswatini Royal Signature Expo 2026 Mega Raffle Draw.

2. Information We Collect

Account & Profile Information

  • Email address (via Google Sign-In)
  • First name and last name
  • Phone number and country dialling code
  • Unique account identifier

Order & Transaction Information

  • Prize selections and quantities
  • Order amounts and currency (ZAR / USD)
  • Payment transaction IDs and status
  • Raffle coupon numbers and ticket references

Automatically Collected Information

  • Device type, browser type, and operating system
  • IP address and approximate geographic location
  • Pages visited, time spent, and interaction patterns
  • Referral source and UTM campaign parameters (utm_source, utm_medium, utm_campaign, etc.)

Preferences

  • Display theme preference (light/dark), stored locally in your browser

3. How We Use Your Information

  • To create and manage your account and verify your identity
  • To process raffle coupon purchases and issue tickets
  • To facilitate payments through our payment provider (Peach Payments)
  • To notify winners and facilitate prize claims
  • To communicate with you about your orders, account, or the Promotion
  • To prevent fraud, abuse, and unauthorised access
  • To analyse website usage and improve our platform
  • To comply with applicable laws and regulatory requirements

4. Payment Processing

Payments are processed securely by Peach Payments (Pty) Ltd, a PCI DSS-compliant payment service provider. When you make a payment, your card details are entered directly into the Peach Payments embedded checkout and are never transmitted to or stored on our servers.

We only receive and store the transaction reference ID, payment status, and amount for reconciliation purposes.

5. Third-Party Services

We use the following third-party services to operate the platform:

Google Cloud Platform

Authentication (Google Sign-In), database, website hosting, backend application services, and analytics (GA4)

Peach Payments

Secure payment processing (PCI DSS-compliant)

RaffleTech

Raffle ticket generation and draw management

Each of these providers operates under their own privacy policies. We encourage you to review them. We only share the minimum information necessary for each service to perform its function.

6. Data Storage & Security

Your data is stored securely on Google Cloud Platform infrastructure with encryption at rest and in transit.

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption on all connections
  • Secure authentication with token-based session management
  • Role-based access controls for administrative functions
  • Audit logging of critical actions (payments, ticket issuance)
  • No storage of payment card information on our systems

7. Cookies & Local Storage

We use the following browser storage mechanisms:

  • Authentication session tokens — essential for keeping you signed in
  • Theme preference — stored in localStorage to remember your light/dark mode selection
  • Google Analytics cookies — used to understand website traffic and user behaviour (you can opt out via your browser settings or the Google Analytics Opt-out Browser Add-on)

We do not use advertising cookies or share cookie data with advertisers.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, including:

  • Account information — retained while your account is active and for a reasonable period thereafter
  • Order and transaction records — retained for a minimum of 5 years for legal and financial compliance
  • Analytics data — retained in aggregated form as per Google Analytics data retention settings

You may request deletion of your account and personal data at any time by contacting us (see Section 12).

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data (subject to legal retention requirements)
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing of your data for specific purposes
  • Withdrawal of consent — withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the details in Section 12.

10. Children's Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Eswatini Investment and Promotion Authority (EIPA)

Email: info@eipa.org.sz

Website: https://royalsignatureexpo.co.sz