Tower Lottery Partnership (TLP) will operate in full accordance with its contractual obligations, and operational requirements as clearly directed by our charity partners and offers the following guarantee as to how we will manage all personal detail in the conduct of all of our data processing services.

We will:

• Operate in full compliance with our obligations under the Data Protection Act (DPA) 1998, the General Data Protection Regulation (GDPR) 2016, the Privacy and Electronic Communications Regulations (PECR) 2003, and all other subsequent legislative and regulatory amendment.
• Enshrine in our policies and procedures the principle to protect the rights of every individual who entrust their personal detail to Tower, whether processing data on behalf of a client, or acting as a data controller by processing data related to its own staff or contractors and regards the rights of every such individual as being of paramount importance.
• Ensure the confidentiality of all data records, and that no unauthorised access, disposal or distribution of that data will be possible.
• Ensure that any service providers performing services, that involve collection, processing or storage of personal detail, must operate in complete conformity and compliance with the principles and procedures outlined in our Data Protection Policy.
• Guarantee that any data collected or retained by Tower will only be for the purposes stated by the data controller (‘the charity’), and personalised data will not be retained once processing has been completed.
• Assume that where legitimate interests or consent has been determined as the legal means for processing data, that appropriate LIA’s (Legitimate Interests Assessments) or DPIA’s (Data Protection Impact Assessments) have been conducted by the client, before direction is given to Tower as to the correct means of processing.